adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,996 Commits 27 Branches 1,043 Tags
e2e8568860e381fc09e1ecedd5ddfc6fdfa3ce99
Commit Graph

3211 Commits

Author SHA1 Message Date
jheysel-r7 0d6195a9ae Merge branch 'master' into proftpd_modcopy_exec 2023-03-24 21:16:54 -04:00
Jack Heysel b7ac6d45d5 Land #17789, proftpd_modcopy_exec enhancements 
This PR add documentation, notes, a reference URL, and a few
general code improvements to the check and exploit methods.
 2023-03-24 21:08:28 -04:00
bcoles 69daea95d6 exploit/unix/ftp/proftpd_modcopy_exec: Add docs and resolve RuboCop violations 2023-03-23 18:13:20 +11:00
space-r7 67ac2dc584 Land #17771, add monitorr file upload rce 2023-03-22 13:00:38 -05:00
Jack Heysel 1f2a889d0c Land #17388, Zyxel router RCE 
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
 2023-03-21 15:07:04 -04:00
h00die-gr3y c5ed25cd6c small update to documentation on vulnerable releases 2023-03-20 21:12:49 +00:00
h00die-gr3y e3df74ee5b Updates addressing review points of space-r7 2023-03-20 21:04:58 +00:00
bcoles 1b7cee4589 exploit/unix/ftp/proftpd_modcopy_exec: Add docs and resolve RuboCop violations 2023-03-19 15:35:36 +11:00
Jack Heysel 31a32ccd9b linting and srvhost check fix 2023-03-17 14:39:02 -04:00
jheysel-r7 764abaf087 Update documentation/modules/exploit/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-03-17 12:59:48 -04:00
Christophe De La Fuente 0df12fd694 Land #17754, Open web analytics 1.7.3 remote code execution 2023-03-17 10:15:33 +01:00
Christophe De La Fuente daadb4f523 Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781) 2023-03-16 11:01:07 +01:00
space-r7 8a76dab0bd update line numbers 2023-03-15 13:24:33 -05:00
space-r7 22c05105d3 address review comments 
reduces some code duplication, sets privileged to true,
and modifies documentation to reflect lhost / rhost opts
 2023-03-15 11:18:03 -05:00
Pflegusch 3bf60a57ae Fix typo 2023-03-15 01:54:36 +01:00
Pflegusch cea8aa8e02 Update open_web_analytics_rce.md to work with latest code changes 2023-03-15 01:34:02 +01:00
space-r7 fddcae3d93 don't always create repo 2023-03-14 19:03:58 -05:00
Pflegusch bb9e214282 Fix line too long in open_web_analytics_rce docs 2023-03-15 00:01:15 +01:00
Pflegusch e160e51711 Fix typos, update docs with advanced option SearchLimit, implement SearchLimit into module 2023-03-14 23:29:55 +01:00
Pflegusch 3196a52bdf fix msftidy_docs.rb issues 2023-03-14 21:43:07 +01:00
Grant Willcox c53a22d3fb Land #17750, FortiNAC keyUpload.jsp arbitrary file write CVE-2022-39952 2023-03-14 11:09:40 -05:00
Grant Willcox 7217a60e41 Update documentation to provide better installation instructions 2023-03-14 10:13:27 -05:00
Grant Willcox 4a4b2a28d2 Update documentation to provide better installation instructions 2023-03-14 09:21:08 -05:00
cgranleese-r7 ec7347cd49 Land #17509, tomcat 7 priv esc on rhel based systems (cve-2016-5425) 2023-03-14 10:16:18 +00:00
Grant Willcox 3bd4c15704 Correct architecture and do final fixes 2023-03-13 15:46:42 -05:00
space-r7 4bb843fe70 add documentation, adjust method of getting ids 2023-03-13 15:31:41 -05:00
h00die-gr3y 015d79a4c2 added documentation 2023-03-13 18:05:08 +00:00
Pflegusch ddd594ac62 Update example in docs for latest code changes 2023-03-11 17:26:21 +01:00
Jack Heysel 2a9ddae531 Updated description 2023-03-09 17:43:14 -05:00
Jack Heysel 06e7c3d702 Responded to comments updated docs 2023-03-09 17:39:53 -05:00
Pflegusch 85185633b7 Use single back ticks and 3 instead of 4 at the end 2023-03-09 16:58:04 +01:00
h00die-gr3y fc711131a2 added MIME, added break in mixin and added link with installation instructions 2023-03-09 09:28:46 -06:00
Grant Willcox deafceed00 Update documentation, library, and Gemspec from review 2023-03-09 09:28:27 -06:00
h00die-gr3y dc8ebb722a Added support for native PHP payloads and reengineered webshells 2023-03-09 09:28:03 -06:00
h00die-gr3y c844d4d714 removed check and fix up some code 2023-03-09 09:27:29 -06:00
h00die-gr3y 771f32bd8a Add documentation and apply code updates 2023-03-09 09:27:03 -06:00
Pflegusch 14b5c08a62 Fix the double slash in the shell url 2023-03-09 14:28:15 +01:00
Pflegusch ae7ca169fe Use the same IP as in the example 2023-03-09 14:08:50 +01:00
Pflegusch 3847c410b0 Small changes to the open_web_analytics_rce documentation 2023-03-09 14:05:06 +01:00
Pflegusch 7b0a54bb56 Add the documentation for the module 2023-03-09 13:59:27 +01:00
Grant Willcox 100cfbccf9 Fix up some more slight things in documentation. Also tidy up some things in the module 2023-03-08 17:25:56 -06:00
Grant Willcox eeb30d2426 Fix up some typos etc from review in documentation 2023-03-08 16:44:06 -06:00
Jack Heysel dfae7e2fc4 FortiNAC keyUploap.jsp arbitrary file write CVE-2022-39952 2023-03-08 14:06:28 -05:00
Spencer McIntyre a418bd9c65 Land #17638, Lucee Scheduled Job RCE 2023-03-02 08:57:19 -05:00
JBince 1245124afa updated docs to reflect changes from smcintyre-r7 2023-02-28 19:58:39 -06:00
Jack Heysel 3abd62076c Land #17624, Oracle E-Business Suite Module 
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
 2023-02-28 17:04:20 -05:00
Spencer McIntyre a916163b49 Cleanup files and fixup messages 2023-02-28 16:41:57 -05:00
JBince 8b03f2fda8 Reworked payload execution logic 2023-02-27 11:09:34 -06:00
Jack Heysel 5311a491e9 Froxlor 2.0.7 is actually vulnerable too 2023-02-24 13:18:34 -05:00
space-r7 9621f77bac Land #17640, add Froxlor RCE 2023-02-22 12:11:38 -06:00