adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,283 Commits 27 Branches 1,043 Tags
d89df446bfde2a39773feba4f747d43d12f4e601
Commit Graph

2995 Commits

Author SHA1 Message Date
redwaysecurity.com d89df446bf WIP - added module for CVE-2024-34102 
on-behalf-of: @redwaysecurity info@redwaysecurity.com
 2024-07-04 16:24:39 +02:00
Jack Heysel c1826cd2f3 Land #18829, Allow multiple HttpServers in module 
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually this causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes
 2024-06-18 09:51:38 -07:00
Jack Heysel e14dd93d6f Rebased encoder fix, removed PS paylaod dependency 2024-06-14 16:59:55 -07:00
Jack Heysel ade11a5a4b Added default options fixed Verification Steps 2024-06-14 16:41:12 -07:00
Jack Heysel 1dfd5da51e Apache OFBiz Dir Traversal RCE 2024-06-14 16:41:12 -07:00
Christophe De La Fuente 8fc6e20cec Update other modules to use java_class_loader_start_service and cmdstager_start_service 2024-06-14 12:57:42 +02:00
Christophe De La Fuente 70b21ff3f2 Update manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module 2024-06-13 16:53:07 +02:00
Jack Heysel b9b638dd83 Land #19196, Cacti import package RCE 
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
 2024-06-12 15:43:46 -07:00
Christophe De La Fuente 45815a4cb5 Code review 2024-06-12 19:47:02 +02:00
Christophe De La Fuente 67ec4baa66 PR-19208: Add DefaultTarget to the info hash 2024-06-05 10:14:48 +02:00
Chocapikk 6b127249fa Add suggestions 2024-05-31 20:56:03 +02:00
Chocapikk bea708d24c Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-05-28 18:27:02 +02:00
Christophe De La Fuente 06cb6aa713 Update cacti_pollers_sqli_rce to use the new library 
- Update the CSRF token logic in the library
- Update cacti_package_import_rce and cacti_pollers_sqli_rce modules
- Update the FETCH_DELETE logic in cacti_package_import_rce to only
  regenerate the payload when necessary
 2024-05-23 11:30:48 +02:00
Christophe De La Fuente c6c5f2bf7a Add module, lib and documentation 2024-05-22 17:38:53 +02:00
Jack Heysel 10acd86390 Land #19071, Add AVideo RCE module 
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
 2024-05-21 14:27:15 -04:00
Chocapikk da31761336 Lint 2024-05-15 22:13:53 +02:00
Valentin Lobstein 3900680a96 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:45 +02:00
Valentin Lobstein c815c2b15c Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:19 +02:00
Valentin Lobstein 7d2c06a246 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:04 +02:00
Valentin Lobstein cd10c2d208 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:06:53 +02:00
adfoster-r7 5e1dc05f09 Fix apache_normalize_path_rce check method 2024-05-01 20:01:38 +01:00
Jack Heysel 429eaff5ca RocketMQ fixes 2024-04-26 14:24:08 -07:00
Jack Heysel b8675f0fd7 Land #19005, Add Gambio Webshop Unauth RCE 
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
 2024-04-19 12:18:17 -07:00
jheysel-r7 3205fe9e63 Apply suggestions from code review 2024-04-19 13:44:18 -04:00
h00die-gr3y 331c961412 update module and documentation with tax country logic 2024-04-18 19:13:19 +00:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044 
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
 2024-04-16 14:12:41 -07:00
Spencer McIntyre 9cf4372f2b Clean up some of the module's documentation 2024-04-16 13:36:21 -04:00
Jack Heysel 1174344b76 Land #18918, Add CrushFTP Module CVE-2023-43177 
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
 2024-04-12 12:26:16 -07:00
Chocapikk 5870ebc6cf Add suggested changes 2024-04-11 22:48:08 +02:00
Valentin Lobstein deaf3d7649 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-04-11 22:15:37 +02:00
Valentin Lobstein 0ba0cd6cfa Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-04-11 22:15:01 +02:00
Valentin Lobstein 060e5b1d8b Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-04-11 22:14:51 +02:00
Valentin Lobstein 8ec8afbc45 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-04-11 22:14:44 +02:00
Chocapikk 162fc91193 Add CVE-2024-31819 2024-04-09 22:09:10 +02:00
Christophe De La Fuente 34f0afa298 Land #19044, Gibbon Online School Platform Authenticated RCE [CVE-2024-24725] 2024-04-05 16:20:11 +02:00
h00die-gr3y 8afbbc1553 third release module based on smcintyre-r7 comments 2024-04-04 17:14:32 +00:00
h00die-gr3y 8aa6d19e7d second release module 2024-04-01 20:21:37 +00:00
h00die-gr3y d8942b27a2 first release module 2024-04-01 14:49:10 +00:00
Noam Rathaus 609d356083 Extra ',' is causing ruby issues 2024-03-30 17:02:13 +03:00
Spencer McIntyre 43d1bd9a2e Add docs and fix CSRF token for v7.0 2024-03-29 14:05:39 -04:00
Spencer McIntyre c7976d204c Add module metadata and clean things up 2024-03-29 10:40:43 -04:00
Spencer McIntyre 2292da9164 Add the UNC loading technique too 2024-03-29 09:33:47 -04:00
Spencer McIntyre 9dcd0e461f Delete the file using the file manager too 2024-03-29 09:33:47 -04:00
Spencer McIntyre 8fa7aa6407 Initial exploit for CVE-2024-2044 2024-03-29 09:33:44 -04:00
Christophe De La Fuente e6e13e7b45 Fixes from code review 2024-03-29 12:18:16 +01:00
h00die-gr3y 9f50f12e6e update addressing cdelafuente-r7 comments 2024-03-28 18:16:11 +00:00
Jack Heysel abb2eb7ffd Land #18891, Add RCE module for wp bricks builder 
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
 2024-03-26 14:46:35 -07:00
Balgogan b9b4a624d9 Fix typos 2024-03-26 21:05:35 +01:00
Valentin Lobstein abc39e86f9 Update modules/exploits/multi/http/wp_bricks_builder_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-03-26 20:40:04 +01:00
Valentin Lobstein 672036f53a Update modules/exploits/multi/http/wp_bricks_builder_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-03-26 20:39:33 +01:00