f3a220518a
Land #19394 , SPIP Unauthenticated RCE Exploit
2024-08-21 13:58:26 +01:00
62ab17b14d
Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload.
2024-08-20 19:41:05 +02:00
fdbf7dd3ef
Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-20 18:54:03 +02:00
334a9bafa9
Use encoder/php/base64
2024-08-19 18:26:19 +02:00
3d00f819c6
Update
2024-08-20 07:04:30 +02:00
b0f3bf1576
Add credit
2024-08-20 07:02:59 +02:00
eaf5661896
Lint
2024-08-19 19:27:29 +02:00
f65ccbec73
Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-18 21:23:59 +02:00
6ad0b56099
Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-18 21:22:16 +02:00
718c215b96
Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-18 21:22:09 +02:00
3d90eb0f43
Add spip_porte_plume_previsu_rce
2024-08-16 10:50:23 +02:00
1390251e87
Code cleanup
...
Updated code for version detection and exploit invocation
2024-08-03 05:13:33 +01:00
2ce0a7a3fd
v7.15 Support added
...
Updated to work with v7.15 too.
2024-08-02 15:43:26 +01:00
6dbb264a0d
Calibre Python Code Injection (CVE-2024-6782)
...
New Exploit Module for Calibre Python Code Injection (CVE-2024-6782)
2024-08-02 06:03:15 +01:00
ba7c7b6456
Land #19298 , OpenMediaVault authenticated RCE [CVE-2013-3632]
2024-07-30 17:40:39 +02:00
c94dc8f28c
changes based on cdelafuente-r7 comments
2024-07-29 14:02:29 +00:00
62a3f73e70
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
9b7b1fd16e
Land #19313 , Ghostscript Command Execution via Format String (CVE-2024-29510)
...
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
4d485acb73
Remove Windows target since it doesn't work for now
2024-07-19 16:19:56 +02:00
a9f8475bf5
moved module + doc to exploit/unix/webapp
2024-07-16 15:50:20 +00:00
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
8a0c65e603
Update geoserver_unauth_rce_cve_2024_36401.rb
...
looks like a copy/paste typo from another exploit
2024-07-16 11:20:35 +02:00
f7449ea850
Land #19311 , Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
c5dad68322
Remove comma after the last item of a hash
2024-07-12 13:38:59 -04:00
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-07-12 19:20:46 +02:00
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
1ee2131d8d
update based on cgranleese-r7 review comments
2024-07-11 16:12:52 +00:00
f9bd079618
Apply suggestions from code review
2024-07-10 20:45:53 -04:00
28d6ef92dd
fourth release module
2024-07-10 21:44:28 +00:00
198f3f8d9b
update based on review comments of jvoisin
2024-07-10 11:05:22 +00:00
92637c4293
third release module
2024-07-09 21:54:55 +00:00
108e60ae4d
Peer review suggestion to swap out fail_with for print_error
...
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
2024-07-09 16:23:25 -05:00
abb02a91d5
Add suggested Appears/Safe change from peer review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-07-09 16:16:41 -05:00
0852fbfeb8
Remove two whitespaces that snuck in
2024-07-09 14:34:33 -05:00
8ee90bf2c7
Adding module for CVE-2024-21683
...
This adds a module to exploit an authenticated admin-level Rhino script engine injection vulnerability for RCE in Atlassian Confluence.
2024-07-09 14:19:15 -05:00
1abc42a873
Add module
2024-07-09 18:34:27 +02:00
702aff81ce
second release module
2024-07-08 19:35:34 +00:00
8e598acaeb
first draft release
2024-07-08 06:53:16 +00:00
2e1dfa62c1
One small change in check method
2024-07-05 06:55:37 +00:00
7ad152694a
Addressed two more review comments
2024-07-04 20:49:17 +00:00
594de4681f
Second release module addressing cdelafuente-r7 comments and added documentation
2024-07-04 20:31:02 +00:00
562e93fe3b
First release module
2024-07-02 14:54:04 +00:00
c1826cd2f3
Land #18829 , Allow multiple HttpServers in module
...
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually this causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes
2024-06-18 09:51:38 -07:00
e14dd93d6f
Rebased encoder fix, removed PS paylaod dependency
2024-06-14 16:59:55 -07:00
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
8fc6e20cec
Update other modules to use java_class_loader_start_service and cmdstager_start_service
2024-06-14 12:57:42 +02:00
70b21ff3f2
Update manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
2024-06-13 16:53:07 +02:00
b9b638dd83
Land #19196 , Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
dwelch-r7