adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,271 Commits 27 Branches 1,043 Tags
dcb42da2697cbcee910bc868eec7427c2a3e8aee
Commit Graph

648 Commits

Author SHA1 Message Date
dwelch-r7 dcb42da269 Land #15612, Add multiple moodle modules 2021-10-11 23:18:55 +01:00
space-r7 327aefd3f5 add older path, fix typo 2021-09-20 12:14:42 -05:00
Spencer McIntyre fd0f565095 Add automatic targeting for the CVEs 2021-09-16 15:15:52 -04:00
Spencer McIntyre d82ed7d4a2 Write up the module docs 2021-09-14 09:10:44 -04:00
h00die 65aae010ce more libs for moodle and teacher priv esc to rce module 2021-09-04 13:31:11 -04:00
h00die 5ea2cf9e5a moodle_admin_shell_upload working and minor other fixes 2021-08-29 16:59:44 -04:00
h00die 176c1f0751 moodle lib and module 2021-08-29 10:50:25 -04:00
h00die a35be13958 moodle 3.8.0 tested 2021-08-28 08:10:28 -04:00
h00die c0a8535764 moodle spellcheck rce 2021-08-27 19:51:52 -04:00
space-r7 c9bdd96c76 remove GIT_HOOK option 
post-checkout is the only hook that will work
with this exploit, so no option is needed. Also update
the documentation to reflect that.
 2021-08-12 10:18:13 -05:00
Shelby Pace 0fe761b838 modify options and add documentation 2021-08-12 10:18:12 -05:00
Grant Willcox ade653f0bf Final fixup edits to change the timeout value to be an advanced option and also to use send_req_cgi 2021-08-05 13:10:24 -05:00
Grant Willcox 00cfdc4f17 Use Faker to generate a fake app name, add in option to specify timeout to server, and also fix Alan's remaining review comments 2021-08-05 09:46:34 -05:00
Grant Willcox 0d7d5ab93f Switch over to Rex::MIME::Message to use our built in mixins, and also fix last remaining review comments 2021-08-02 11:17:26 -05:00
Grant Willcox 27f70af1b3 Fix up some of the mistakes wvu pointed out 2021-07-30 15:28:10 -05:00
Grant Willcox 3427571887 Push up working CVE-2019-11580 exploit and associated documentation 2021-07-30 12:07:12 -05:00
Shelby Pace 183caff15c Land #15418, add modern events calendar rce 2021-07-26 09:45:05 -05:00
Shelby Pace 38ae82155e modify info, fix spacing 2021-07-26 09:43:34 -05:00
Shelby Pace 9e95eb7be1 Land #15408, add Wordpress sp doc file upload 2021-07-23 12:36:29 -05:00
Shelby Pace d207f994c0 modify doc description 
randomize form data, formatting
 2021-07-23 12:33:41 -05:00
Hakyac 1a55cfc88c Update documentation/modules/exploit/multi/http/wp_plugin_sp_project_document_rce.md 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:10 +02:00
Hakyac 76a7233ee9 Update documentation/modules/exploit/multi/http/wp_plugin_sp_project_document_rce.md 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:00 +02:00
Hakyac cf9a5be774 Update documentation/modules/exploit/multi/http/wp_plugin_sp_project_document_rce.md 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:11:49 +02:00
Hakyac 9eb8d521f8 Update documentation/modules/exploit/multi/http/wp_plugin_modern_events_calendar_rce.md 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:08:19 +02:00
Shelby Pace 79d49a6857 Land #15402, add Wordpress Backup Guard rce 2021-07-20 15:53:57 -05:00
Shelby Pace f738383b98 rename docs, modify privileged to false 
use vars_get in upload request
 2021-07-20 15:31:38 -05:00
Hakyac 109ca7ec7a Update documentation/modules/exploit/multi/http/wp_plugin_sp_project_document_rce.md 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2021-07-20 09:05:27 +02:00
Hakyac d26d9f50fa Update wordpress_plugin_backup_guard_rce.md 2021-07-12 14:29:35 +02:00
Hakyac ba69294967 Update wp_plugin_sp_project_document_rce.md 2021-07-12 14:28:35 +02:00
Yann Castel 6934ec7d18 initial commit 2021-07-12 14:25:38 +02:00
Grant Willcox 5c8aa9b802 Add in ForgeRock demonstration and fix up some last minor issues with the documentation to make it more accurate 2021-07-09 16:43:25 -05:00
Spencer McIntyre fba838f4e8 Update docs, pin version and fix the check method 2021-07-09 16:39:58 -04:00
Yann Castel d9233b9d98 typo 2 2021-07-09 11:54:25 +02:00
Yann Castel 3f2d7cda10 typo 2021-07-09 11:51:52 +02:00
Yann Castel 920b88a2bd initial commit 2021-07-09 11:49:53 +02:00
Yann Castel 38cdad47c0 initial commit 2021-07-08 16:53:37 +02:00
Spencer McIntyre a0bd903b50 Update module docs and the TARGETURI option 2021-07-06 15:52:50 -04:00
Spencer McIntyre bfc45359ff More documentation updates and address PR feedback 2021-07-06 11:27:06 -04:00
Spencer McIntyre deb78275d0 Make the requested documentation changes 2021-07-06 09:55:19 -04:00
bwatters 0a43ec7e4a Add module for CVE-2021-35464; pre-auth RCE in ForgeRock OpenAM server 2021-07-02 16:05:39 -05:00
Grant Willcox 537a7763f5 Land #15337, Update apache_activemq_upload_jsp.rb to fix missing checks and add missing slashes to some requests 2021-06-14 15:28:40 -05:00
Grant Willcox 5b274770ef Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall 2021-06-14 15:02:38 -05:00
Wyatt Dahlenburg eb76aae2a7 Merge branch 'master' of github.com:rapid7/metasploit-framework into hashicorp_nomad 2021-05-25 15:56:13 -05:00
Wyatt Dahlenburg 6dccf0dd20 Adding Nomad documentation 2021-05-18 10:12:04 -05:00
Alan Foster 2b837a9d11 Add ssl setup documentation for gitlab 2021-05-17 23:59:08 +01:00
Alan Foster 5a0360228f Update cockpit cms module 2021-05-12 17:20:31 +01:00
Brendan Coles 4a93f15c80 Land #15136, Set microfocus_ucmdb_unauth_deser default payload to reverse_python 2021-05-02 10:27:05 +00:00
Pedro Ribeiro e6b605369e UCMDB: remove warning from docs and change Linux target to reverse_python 2021-05-02 16:53:02 +07:00
Tim W 165b25275a minor documentation fix 2021-04-30 22:32:47 +01:00
Grant Willcox f267f0866c Fix up documentation typos and improve JavaScript using comments from @timwr's review. 2021-04-30 10:54:09 -05:00