Christophe De La Fuente
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
Chocapikk
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
Chocapikk
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
Jack Heysel
10acd86390
Land #19071, Add AVideo RCE module
...
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00
Chocapikk
da31761336
Lint
2024-05-15 22:13:53 +02:00
Valentin Lobstein
3900680a96
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:45 +02:00
Valentin Lobstein
c815c2b15c
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:19 +02:00
Valentin Lobstein
7d2c06a246
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:04 +02:00
Valentin Lobstein
cd10c2d208
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:06:53 +02:00
adfoster-r7
5e1dc05f09
Fix apache_normalize_path_rce check method
2024-05-01 20:01:38 +01:00
Jack Heysel
429eaff5ca
RocketMQ fixes
2024-04-26 14:24:08 -07:00
Jack Heysel
b8675f0fd7
Land #19005, Add Gambio Webshop Unauth RCE
...
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
jheysel-r7
3205fe9e63
Apply suggestions from code review
2024-04-19 13:44:18 -04:00
h00die-gr3y
331c961412
update module and documentation with tax country logic
2024-04-18 19:13:19 +00:00
Jack Heysel
84ea514180
Land #19026, Add pgadmin exploit CVE-2024-2044
...
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
Spencer McIntyre
9cf4372f2b
Clean up some of the module's documentation
2024-04-16 13:36:21 -04:00
Jack Heysel
1174344b76
Land #18918, Add CrushFTP Module CVE-2023-43177
...
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
2024-04-12 12:26:16 -07:00
Chocapikk
5870ebc6cf
Add suggested changes
2024-04-11 22:48:08 +02:00
Valentin Lobstein
deaf3d7649
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:15:37 +02:00
Valentin Lobstein
0ba0cd6cfa
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:15:01 +02:00
Valentin Lobstein
060e5b1d8b
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:14:51 +02:00
Valentin Lobstein
8ec8afbc45
Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:14:44 +02:00
Chocapikk
162fc91193
Add CVE-2024-31819
2024-04-09 22:09:10 +02:00
Christophe De La Fuente
34f0afa298
Land #19044, Gibbon Online School Platform Authenticated RCE [CVE-2024-24725]
2024-04-05 16:20:11 +02:00
h00die-gr3y
8afbbc1553
third release module based on smcintyre-r7 comments
2024-04-04 17:14:32 +00:00
h00die-gr3y
8aa6d19e7d
second release module
2024-04-01 20:21:37 +00:00
h00die-gr3y
d8942b27a2
first release module
2024-04-01 14:49:10 +00:00
Noam Rathaus
609d356083
Extra ',' is causing ruby issues
2024-03-30 17:02:13 +03:00
Spencer McIntyre
43d1bd9a2e
Add docs and fix CSRF token for v7.0
2024-03-29 14:05:39 -04:00
Spencer McIntyre
c7976d204c
Add module metadata and clean things up
2024-03-29 10:40:43 -04:00
Spencer McIntyre
2292da9164
Add the UNC loading technique too
2024-03-29 09:33:47 -04:00
Spencer McIntyre
9dcd0e461f
Delete the file using the file manager too
2024-03-29 09:33:47 -04:00
Spencer McIntyre
8fa7aa6407
Initial exploit for CVE-2024-2044
2024-03-29 09:33:44 -04:00
Christophe De La Fuente
e6e13e7b45
Fixes from code review
2024-03-29 12:18:16 +01:00
h00die-gr3y
9f50f12e6e
update addressing cdelafuente-r7 comments
2024-03-28 18:16:11 +00:00
Jack Heysel
abb2eb7ffd
Land #18891, Add RCE module for wp bricks builder
...
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
Balgogan
b9b4a624d9
Fix typos
2024-03-26 21:05:35 +01:00
Valentin Lobstein
abc39e86f9
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:40:04 +01:00
Valentin Lobstein
672036f53a
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:33 +01:00
Valentin Lobstein
8a1290c8a6
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:23 +01:00
Valentin Lobstein
85e27b0bc3
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:04 +01:00
Christophe De La Fuente
57a45a0b55
CrushFTP exploit module CVE-2023-43177 and documentation
2024-03-25 12:41:24 +01:00
h00die-gr3y
0262efee8b
first release module
2024-03-24 09:32:56 +00:00
Christophe De La Fuente
44c5422e07
Land #18922, JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
sfewer-r7
6d84f0e898
reduce the size of the exploit method by spinning out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless
2024-03-13 09:58:51 +00:00
sfewer-r7
4bd105202a
improve the readability of the XML
2024-03-13 09:29:43 +00:00
sfewer-r7
b04e84ed99
clarify we must call this a second time
2024-03-13 09:17:18 +00:00
sfewer-r7
df2c94f873
another typo
2024-03-13 09:14:23 +00:00
Stephen Fewer
b9e82375c1
typo
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:13:11 +00:00
Stephen Fewer
d7bf7bc2ea
Use Failure::NoAccess as a better failure error, as we are trying to login
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:12:56 +00:00