24fa34e7b9
Land #19188 , Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
dc70aa0896
Land #19247 , PHP CGI Arg injection RCE
...
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
e14dd93d6f
Rebased encoder fix, removed PS paylaod dependency
2024-06-14 16:59:55 -07:00
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
178bb3e085
Land #19229 , Junos OS PHPRC module enhancement
...
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesnt exist. Also it adds datastore options to
change the hash format to be compatible with older version as well an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
2024-06-14 11:35:15 -07:00
1bb95acd12
Updated documentation
2024-06-14 11:02:31 -07:00
d7531ef74c
fix typo in documentation
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-06-13 15:09:56 +01:00
b9b638dd83
Land #19196 , Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
45815a4cb5
Code review
2024-06-12 19:47:02 +02:00
18fe758416
Finish up and document the deserialization RCE
2024-06-12 08:58:37 -04:00
f2027784cf
Land #19240 , Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692)
...
Merge branch 'land-19240' into upstream-master
2024-06-11 12:22:29 -05:00
2d63038196
Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md
...
fix a typo in the documentation.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-06-11 16:23:56 +01:00
9bbb82ab55
Land #18998 , VSCode exploit for ipynb integration
...
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
2024-06-10 14:36:57 -07:00
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
55fa94995b
Updated check method
2024-06-06 22:23:35 +00:00
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
120fa0f2fe
Land #19208 , Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-06-05 10:17:02 +02:00
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
d7966104f2
touchup docs
2024-06-04 19:40:39 -04:00
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
80ee458410
Land #19151 , Add Flowmon Priv Esc Feature Module
...
Privilege escalation module for Progress Flowmon unpatched feature
2024-05-29 11:35:53 -04:00
72f332aba0
Land #19150 , Add Flowmon Command Injection Module
...
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
4fdf6df1e7
Fix doc
2024-05-28 20:16:33 +02:00
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
2c6fc11639
Responded to comments, clean up /etc/sudoers file
2024-05-23 16:56:35 -04:00
a0597007e4
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
c6c5f2bf7a
Add module, lib and documentation
2024-05-22 17:38:53 +02:00
0de89d3b2d
Update documentation/modules/exploit/linux/local/progress_flowmon_sudo_privesc_2024.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-05-21 13:42:52 -07:00
6e9e4a5aed
Land #19102 , Northstar C2 Stored XSS to Agent RCE
...
Add exploit module for CVE-2024-28741, Northstar C2 Stored XSS to Agent
RCE
2024-05-21 14:57:44 -04:00
10acd86390
Land #19071 , Add AVideo RCE module
...
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00
67154a12e0
Land #19104 , CHAOS rat xss to rce
2024-05-21 11:10:57 +01:00
575e223657
Added documentation
2024-05-19 14:09:58 +00:00
a89d418725
review of northstar c2
2024-05-16 15:17:28 -04:00
da31761336
Lint
2024-05-15 22:13:53 +02:00
3560860e33
Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-05-15 22:07:29 +02:00
d1739f32c2
review of chaos rat
2024-05-13 16:55:43 -04:00
216ffec555
Add Linux compatibility
2024-05-13 10:11:56 -07:00
80fdde5fdc
Land #19100 , Add Loadmaster sudo priv esc
...
Add Kemp Progress Loadmaster sudo abuse priv esc
2024-05-10 10:21:38 -04:00
b28e263a2b
Update debug statements and add protection against bad die name
2024-05-10 08:54:23 -05:00
47c8d7252b
Land #18519 , Docker kernel module escape
2024-05-06 09:08:08 -04:00
b044bcab01
Add command payloads and checks for overwritten files
2024-05-03 13:06:16 -05:00
ca669d8f08
Update docs to reflect changes
2024-05-01 13:45:20 -04:00
c2a561630d
Add local privesc module for Flowmon
2024-05-01 09:07:34 -07:00
a7e97e50ad
Add module for flowmon cmd injection CVE-2024-2389
2024-05-01 08:42:55 -07:00
d94971598b
Add documentation and fix some debug prints
2024-04-29 15:28:34 -05:00
364d491af7
Land #18972 , Progress LoadMaster unauthenticated command injection module CVE-2024-1212
...
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
19af4ae4e6
mermaid flow chart
2024-04-24 16:54:02 -04:00
9fb217fb59
northstar c2 exploit
2024-04-24 16:54:02 -04:00
512da4bc45
chaos rat xss to rce
2024-04-24 16:51:58 -04:00
Christophe De La Fuente