adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
31,821 Commits 27 Branches 1,043 Tags
d8d4c23d60ad2ba8a2de0e1661baeeb9eafd6a1b
Commit Graph

1026 Commits

Author SHA1 Message Date
jvazquez-r7 b6146b1499 Use print_warning 2015-03-12 17:22:03 -05:00
Julian Vilas fe822f8d33 Modify automatic file cleanup 2015-03-10 00:45:20 +01:00
Julian Vilas 0ef303cb6c Fix Java payload 2015-03-10 00:01:27 +01:00
Julian Vilas 2eb0011a99 Autotrigger JSP shell at docBase 2015-03-07 20:41:08 +01:00
Julian Vilas 3be2bde5a2 Use bypass for bulletin S2-020 2015-03-07 19:14:20 +01:00
jvazquez-r7 9f3f8bb727 Merging #3323 work 2015-03-05 15:44:15 -06:00
jvazquez-r7 c388fd49c2 Fix print message 2015-03-05 15:43:54 -06:00
jvazquez-r7 e1a4b046a0 Add support for tomcat 7 to struts_code_exec_classloader 2015-03-05 15:40:24 -06:00
sinn3r 8978b1d7b5 Add a version 2015-03-05 11:29:44 -06:00
Ricardo Almeida 32188f09d6 Update phpmoadmin_exec.rb 
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
 2015-03-05 12:56:08 +00:00
Ricardo Almeida 95962aab0d Update phpmoadmin_exec.rb 
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.

Thanks for your feedback guys :)
 2015-03-05 12:46:53 +00:00
Ricardo Almeida 9530e15c81 Update phpmoadmin_exec.rb 
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
 2015-03-04 21:59:08 +00:00
Ricardo Almeida c19895ac85 Update phpmoadmin_exec.rb 
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
 2015-03-04 21:31:44 +00:00
Ricardo Almeida 4d67e0e1bb Add PHPMoAdmin RCE 2015-03-04 18:17:31 +00:00
jvazquez-r7 1f4fdb5d18 Update from master 2015-02-10 10:47:17 -06:00
William Vu a7156cf4a8 Fix zabbix_script_exec datastore 2015-02-05 02:53:22 -06:00
jvazquez-r7 fbf32669c6 Use single quote 2015-02-04 09:47:27 -06:00
julianvilas de09559cc8 Change HTTP requests to succeed when going through HTTP proxies 2015-02-04 15:32:14 +01:00
Julian Vilas f983c8171e Modify description to match both Struts 1.x and 2.x versions 2015-01-30 12:35:38 +01:00
Julian Vilas 1a11ae4021 Add new references about Struts 1 2015-01-29 23:27:52 +01:00
Julian Vilas 4cc5844baf Add Struts 1 support 2015-01-29 23:12:34 +01:00
Tod Beardsley bae19405a7 Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 d8aa282482 Delete some double quotes 2015-01-22 18:21:25 -06:00
jvazquez-r7 4c72b096b6 Switch variable from file_name to operation 2015-01-22 18:20:11 -06:00
jvazquez-r7 b003d8f750 Do final cleanup 2015-01-22 18:17:14 -06:00
jvazquez-r7 911485f536 Use easier key name 2015-01-22 18:11:48 -06:00
jvazquez-r7 eff49b5fd3 Delete files with Rex::Java::Serialization 2015-01-22 17:59:43 -06:00
jvazquez-r7 37bf66b994 Install instaget with Rex::Java::Serialization 2015-01-22 16:54:49 -06:00
jvazquez-r7 20d7fe631e Auto detect platform without raw streams 2015-01-22 15:15:08 -06:00
jvazquez-r7 ad276f0d52 Retrieve version with Rex::Java::Serialization instead of binary streams 2015-01-22 14:52:19 -06:00
jvazquez-r7 f7aaad1cf1 Delete some extraneous commas 2015-01-19 17:25:45 -06:00
jvazquez-r7 dbc77a2857 Land #4517, @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload 
* CVE-2014-5301
 2015-01-19 17:23:39 -06:00
jvazquez-r7 6403098fbc Avoid sleep(), survey instead 2015-01-19 17:22:04 -06:00
jvazquez-r7 a6e351ef5d Delete unnecessary request 2015-01-19 17:14:23 -06:00
jvazquez-r7 ed26a2fd77 Avoid modify datastore options 2015-01-19 17:11:31 -06:00
jvazquez-r7 3c0efe4a7e Do minor style changes 2015-01-19 15:36:05 -06:00
jvazquez-r7 ddda0b2f4b Beautify metadata 2015-01-19 14:59:31 -06:00
Pedro Ribeiro 3768cf0a69 Change version to int and add proper timestamp 2015-01-14 22:59:11 +00:00
David Lanner c5cfc11d84 fix cookie regex by removing a space 2015-01-12 23:13:18 -05:00
Pedro Ribeiro c76aec60b0 Add OSVDB id and full disclosure URL 2015-01-08 23:29:38 +00:00
William Vu ea793802cc Land #4528, mantisbt_php_exec improvements 2015-01-08 04:50:00 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
James Lee 3e80efb5a8 Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c Shorter timeout so we get shell sooner 
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
 2015-01-07 11:11:33 -06:00
James Lee efe83a4f31 Whitespace 2015-01-07 10:19:17 -06:00
Christian Mehlmauer 09bd0465cf fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7 
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
 2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea fix check method 2015-01-07 11:01:08 +01:00
Christian Mehlmauer 862af074e9 fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3 favor include? over =~ 2015-01-07 07:33:16 +01:00