c4bd91f505
Land #12272 , add October CMS file upload
2019-09-06 10:13:33 -05:00
5f7c243b48
add filedropper, fix check, add to docs
2019-09-06 09:49:09 -05:00
aaebec01a4
Update References
...
Added CVE and Blog link
2019-09-06 18:26:28 +05:30
cf4c10783a
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-05 23:50:18 +05:30
4b416bf530
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-05 23:48:43 +05:30
a7e205e252
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-05 23:48:32 +05:30
0e4e7dd9d9
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-05 23:48:22 +05:30
bc1610ec46
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-05 23:48:14 +05:30
71c1c07b0d
fixed
...
fix EOF on 88 line
2019-09-04 13:08:26 +05:30
aeaf4232fe
updated
...
typo, comments and check fixed
2019-09-04 12:46:31 +05:30
5e63c83257
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-09-04 12:37:21 +05:30
974f078114
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-09-04 12:29:32 +05:30
bb8b3245a3
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-09-04 12:28:59 +05:30
f0eb7da43b
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-09-04 12:28:51 +05:30
7359e4bdd6
fixes suggested by @space-r7
...
fixed check before passing to the accessor, removed res which is not used.
2019-09-04 12:20:39 +05:30
6c6603bbd7
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-03 23:18:31 +05:30
aee17608cd
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-03 23:17:50 +05:30
6934af0b7d
Update modules/exploits/multi/http/october_upload_bypass_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-09-03 23:15:33 +05:30
615661a03d
first build
...
first build of october_upload_bypass_exec
2019-09-03 12:04:38 +05:30
042c181f67
Land #12058 , cisco_dcnm_upload_2019 exploit
2019-08-30 13:33:19 -05:00
3dd9c38fd1
Update cisco_dcnm_upload_2019.rb
2019-08-29 12:42:01 +07:00
bbbf426ec7
make requested changes
2019-08-29 12:16:58 +07:00
bda1120cac
make requested changes
2019-08-29 11:14:40 +07:00
32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
817726699c
make requested changes
2019-08-02 22:48:54 +01:00
e11de696d4
Make msftidy happy
2019-08-02 11:17:41 -05:00
cf9b94a964
Set needs_cleanup flag for exploits that need it
...
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
2019-08-02 10:23:53 -05:00
5e64f8560a
Fix whitespace
2019-08-02 10:23:41 -05:00
967b2a018f
Land #12010 , Add exploit module for wp-database-backup Wordpress plugin
2019-07-23 12:21:23 -05:00
ca664512ce
Minor corrections in check and a unsed return value
2019-07-23 12:20:14 -05:00
18f76f00b5
Rename modules/exploit/multi/http/cisco_dcnm_upload_2019.rb to modules/exploits/multi/http/cisco_dcnm_upload_2019.rb
2019-07-12 22:02:05 +01:00
c917ec70d1
Fix missing split in struts2_rest_xstream
2019-07-10 11:15:36 -05:00
e6300bfd63
Fix cmd_psh_payload requiring an arch string
...
We may want to update Rex::Powershell to take the first in an array.
2019-07-09 17:43:23 -05:00
258f631f84
remove echo cmdstagerflavor
2019-06-26 13:56:13 -05:00
2f29c914ab
add changes, remove db backup delete code
2019-06-26 13:48:14 -05:00
5c14aea1a0
Fix target_platform check (it's empty, not nil)
2019-06-25 12:56:36 -05:00
cf140f0840
Make SRVHOST the callback address
2019-06-25 12:43:04 -05:00
2af76c1997
add documentation and finished module
2019-06-25 11:21:15 -05:00
44ad25ae34
Land #12008 , struts2_content_type_ognl 302 fix
2019-06-25 00:40:58 -05:00
303bfaa7eb
Don't worry about response code
...
I found one that returned a 302
2019-06-24 13:53:31 -05:00
54aff89563
add requests to create, remove, clean db backups
2019-06-21 16:00:56 -05:00
e43fc2d921
added skeleton, check method
2019-06-20 14:05:41 -05:00
8920152eca
Add a ZDI reference for CVE-2019-5420 Rails exploit
2019-06-20 10:43:21 -05:00
a0c6035380
Prefer initial slash in normalize_uri
...
I missed the indirect call in check. This decides on a style.
If a URI part contains a slash, we begin with a slash.
2019-05-30 00:08:17 -05:00
0b4cc5b547
Update go_go_gadget2
2019-05-22 15:03:44 -05:00
6d004862e4
Update go_go_gadget1
2019-05-22 15:03:44 -05:00
be89a4d9c5
Update exploit method
2019-05-22 15:03:05 -05:00
f70b3d13a0
Update metadata
2019-05-22 15:03:05 -05:00
966582a10c
Land #11833 , moodle_cmd_exec nil check
...
Merge branch 'land-11833' into upstream-master
2019-05-20 13:08:11 -05:00
0328814241
Indent ternary statement in struts2_rest_xstream
2019-05-20 12:35:52 -05:00
Shelby Pace