1f2a889d0c
Land #17388 , Zyxel router RCE
...
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
2023-03-21 15:07:04 -04:00
f5d1aab01a
Changed send_request_cgi to raw
2023-03-21 14:26:05 -04:00
31a32ccd9b
linting and srvhost check fix
2023-03-17 14:39:02 -04:00
56761a2f6d
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:01:02 -04:00
6b853b57c6
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:00:15 -04:00
df365b55a4
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2023-03-17 12:57:06 -04:00
c53a22d3fb
Land #17750 , FortiNAC keyUpload.jsp arbitrary file write CVE-2022-39952
2023-03-14 11:09:40 -05:00
ec7347cd49
Land #17509 , tomcat 7 priv esc on rhel based systems (cve-2016-5425)
2023-03-14 10:16:18 +00:00
3bd4c15704
Correct architecture and do final fixes
2023-03-13 15:46:42 -05:00
8dfe58e617
review comment
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-03-13 14:42:26 -04:00
2a9ddae531
Updated description
2023-03-09 17:43:14 -05:00
06e7c3d702
Responded to comments updated docs
2023-03-09 17:39:53 -05:00
63e2376f64
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2023-03-09 12:31:30 -05:00
100cfbccf9
Fix up some more slight things in documentation. Also tidy up some things in the module
2023-03-08 17:25:56 -06:00
d31220ef1e
Updated references
2023-03-08 14:17:34 -05:00
263223b783
Last second file reorganization fix
2023-03-08 14:08:46 -05:00
dfae7e2fc4
FortiNAC keyUploap.jsp arbitrary file write CVE-2022-39952
2023-03-08 14:06:28 -05:00
9dcaf93b29
Replace deprecated File.exists? with File.exist?
2023-03-05 14:30:47 +11:00
3abd62076c
Land #17624 , Oracle E-Business Suite Module
...
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
2023-02-28 17:04:20 -05:00
ca6faed172
Check method enhancement
2023-02-24 13:33:10 -05:00
5311a491e9
Froxlor 2.0.7 is actually vulnerable too
2023-02-24 13:18:34 -05:00
9621f77bac
Land #17640 , add Froxlor RCE
2023-02-22 12:11:38 -06:00
bf7884b2dc
Removed need to auth twice when AutoCheck enabled
2023-02-22 12:28:28 -05:00
0c8df1a67b
Updated docs and module suggetsions
2023-02-22 00:33:40 -05:00
42146fc4ec
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 23:02:49 -05:00
80cec400bf
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:59:23 -05:00
fc5f4983f6
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:49 -05:00
647418745f
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:41 -05:00
e625e2e474
Land #17652 , module for pyload js2py exploit
...
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
2023-02-21 16:27:04 -05:00
963b9a9952
Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587
2023-02-21 18:02:10 +00:00
3854c30a11
more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7
2023-02-21 18:00:17 +00:00
c713da368d
Add in a few fixes from the review
2023-02-17 14:52:57 -06:00
73e82274dd
changes as per @gwillcox-r7 review
2023-02-17 13:10:53 +00:00
44c393e2f1
Fixed netcat session cleanup
2023-02-16 13:14:24 -05:00
1c49b002d2
Changed get_csrf to use xpath
2023-02-16 10:47:04 -05:00
00d1637f3d
Changed check method to use xpath
2023-02-16 10:33:15 -05:00
ecd5ad29a7
Add module docs
2023-02-15 16:29:42 -05:00
5d8b1dc4a6
Link Hadoop YARN exploit to documentation
...
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
2023-02-15 21:17:26 +01:00
557042c91c
Initial exploit is working
2023-02-15 14:18:25 -05:00
8aed02de3d
Linting
2023-02-14 10:39:47 -05:00
ff159c8760
Updated TODO
2023-02-13 20:24:32 -05:00
ca0b1ffe05
Documentation fixes
2023-02-13 19:56:23 -05:00
2e195b2742
Initial commit Froxlor RCE
2023-02-13 19:39:18 -05:00
d012145726
Land #17599 , Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707
2023-02-13 17:50:06 -06:00
96fecb6048
Modified BadChars and FailWith codes
2023-02-13 17:49:09 -05:00
45e453d687
Fix up remaining review comments
2023-02-13 15:07:25 -06:00
79b1801a4f
Rewrote check method to only abuse authentication bypass. Added additional status checks.
2023-02-11 17:43:33 -05:00
a3f4dceb5b
clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this.
2023-02-10 13:03:23 +00:00
dc8ee988f5
use Rex::Version in the check method for better version comparisons
2023-02-10 10:45:32 +00:00
a19bdde276
pass the 'bne:uueupload' param via the vars_get option
2023-02-10 10:44:21 +00:00
Jack Heysel