adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,617 Commits 27 Branches 1,043 Tags
ec5892ff1f7d6fcdcd625faa5bb05ddaaa6938a2
Commit Graph

18716 Commits

Author SHA1 Message Date
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
Takah1ro 39f81e0a45 Update check function 2024-08-21 22:32:53 +09:00
Takah1ro ee58313d64 Update check function 2024-08-21 22:09:56 +09:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Takahiro Yokoyama c66540ef2f Update modules/exploits/linux/http/ray_agent_job_rce.rb 
use MeterpreterTryToFork to avoid a meterpreter session get killed

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2024-08-21 21:38:37 +09:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Valentin Lobstein fdbf7dd3ef Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-20 18:54:03 +02:00
Takah1ro 91167fc85f Remove unnecessary option 2024-08-20 21:44:11 +09:00
Takah1ro 4d1782640b Update sideeffects 2024-08-20 19:12:18 +09:00
Takah1ro 01b2a1c55c Enable fetch payload 2024-08-20 13:20:42 +09:00
Takah1ro 45677898a8 Add TARGET_URI 2024-08-20 13:08:01 +09:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Takah1ro 99c81d7821 Set default fetch_command to wget 2024-08-20 08:59:39 +09:00
Takah1ro 64bdf54bb0 Use Fetch Payload (Not tested) 2024-08-20 08:56:05 +09:00
Takah1ro a5b9d553fa Update check to use version info 2024-08-20 08:25:27 +09:00
Takah1ro 5be7e09ff0 Update check to use version info 2024-08-20 08:21:48 +09:00
h4x-x0r 362b2427dc Error handling and code cleanup 
Error handling and code cleanup
 2024-08-19 22:47:19 +01:00
Chocapikk 334a9bafa9 Use encoder/php/base64 2024-08-19 18:26:19 +02:00
Chocapikk 3d00f819c6 Update 2024-08-20 07:04:30 +02:00
Chocapikk b0f3bf1576 Add credit 2024-08-20 07:02:59 +02:00
Chocapikk eaf5661896 Lint 2024-08-19 19:27:29 +02:00
Valentin Lobstein f65ccbec73 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:23:59 +02:00
Valentin Lobstein 6ad0b56099 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:22:16 +02:00
Valentin Lobstein 718c215b96 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:22:09 +02:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
Takah1ro eeab7ce2a2 Proceed when user specified cmd fails 2024-08-16 08:23:50 +09:00
Takah1ro ea1b9e925e Delete old three exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain[CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00
dledda-r7 f211fcb6a6 Land #19370, LG Simple Editor Command Injection 2024-08-14 10:22:29 -04:00
cgranleese-r7 36322ff274 Land #19348, Apache HugeGraph Gremlin RCE (CVE-2024-27348) 2024-08-14 10:06:21 +01:00
h4x-x0r 39d615e8d2 Added TARGETURI option 
Added TARGETURI option
 2024-08-13 20:29:30 +01:00
jheysel-r7 47e5d62ade Update modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb 2024-08-13 08:48:33 -07:00
jheysel-r7 e04e22bc30 Apply suggestions from code review 2024-08-13 08:40:20 -07:00
Takah1ro cf15124cc8 Add not null check 2024-08-09 15:34:14 +09:00
Takah1ro c36c2eea38 Separate modules 2024-08-09 08:51:14 +09:00
h4x-x0r 8e4503061a Removed debugging code 
Removed debugging code
 2024-08-07 15:23:15 +01:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module 
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
 2024-08-07 05:16:25 +01:00
Takah1ro 1f68919a42 Fail if optional but required option not set 2024-08-07 13:01:23 +09:00
Takah1ro f168246796 Correct vulnerable version 
<=v2.6.3 == <v2.8.1
 2024-08-07 12:49:17 +09:00
Takah1ro a57678c8d3 Formatting 2024-08-07 08:51:22 +09:00
Takah1ro 4e99e7dfe7 Use Vulnerable when lfi 2024-08-07 08:50:42 +09:00
Takah1ro 92e2694ac5 Use Detected instead of Appears 2024-08-07 08:46:44 +09:00
Takah1ro b7e4247d22 Avoid using CVE as option 2024-08-07 08:43:57 +09:00
Takah1ro c71894f3c4 Remove unnecessary DefaultOptions 2024-08-07 08:21:15 +09:00
h00die-gr3y 8b3392a756 changed check to Appears when vulnerable 2024-08-06 21:00:06 +00:00
Takah1ro b487dadf8c Remove explicit return 2024-08-05 13:01:11 +09:00
Takah1ro 0251f1bd8d Rubocop formatting 2024-08-04 22:10:15 +09:00
Takah1ro 729ecc588a Formatting lfi output 2024-08-04 22:07:53 +09:00