2924318ca5
update java_rmi_server modules with CVE
2017-06-02 12:59:48 -05:00
04a701dba5
Check template file extension name
2017-05-26 07:31:34 -05:00
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
3360171977
Land #8319 , Add exploit module for Mediawiki SyntaxHighlight extension
2017-05-17 23:23:50 -05:00
631267480d
Update module description
2017-05-16 14:48:46 -05:00
2ed8ae11b4
Add doc and make minor changes
2017-05-16 14:47:19 -05:00
27e1de14b0
BuilderEngine 3.5 Arbitrary file upload and execution exploit
2017-05-12 18:37:08 +02:00
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
fcf14212b4
Fixed disclosure date
2017-04-29 16:25:25 +02:00
f9e7715adb
Fixed formatting
2017-04-29 16:07:45 +02:00
1569d2cf8e
MediaWiki SyntaxHighlight extension exploit module
...
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
2017-04-29 14:29:56 +02:00
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
3c2dc68e9c
improved description, no point repeating the same thing\!
2017-04-11 09:55:11 -05:00
c359e15de6
updated the print statement
2017-04-11 09:31:17 -05:00
84ac9d905c
improved the description of the module
2017-04-11 09:24:43 -05:00
b1d127e689
satisfied travis
2017-04-10 14:11:18 -05:00
0f07875a2d
added CVE-2016-7552/CVE-2016-7547 exploit
2017-04-10 13:32:58 -05:00
d10b3da6ec
Land #8132 , Support Python 2 & 3 for web_delivery
2017-03-21 13:48:27 -05:00
6b3cfe0a98
Support both Python 2 and Python 3 in one line
...
Tested on:
* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
2017-03-21 13:47:07 -05:00
2e096be869
Remove debugging output
2017-03-21 11:26:02 -05:00
ffe77c484e
fixed spacing
2017-03-20 16:37:35 +01:00
e51063aa56
added the python3 syntax to the web_delivery script
2017-03-20 16:08:08 +01:00
52cea93ea2
Merge remote-tracking branch 'upstream/master' into land-8118-
2017-03-17 12:39:30 -05:00
80c33fc27f
adding '-' to rails deserialization regex for cookie matching
2017-03-16 10:54:32 -05:00
59c7de671e
Updated rails_secret_deserialization to add '.' regex for cookie matching.
2017-03-16 10:45:43 -05:00
9201f5039d
Use vprint for check because of rules
2017-03-14 15:02:54 -05:00
f429b80c4e
Forgot to rm this when i combined
2017-03-14 12:18:11 -05:00
53c9caa013
Allow native payloads
2017-03-13 20:10:02 -05:00
2053b77b01
ARCH_CMD works
2017-03-13 18:37:50 -05:00
e7b65587b4
Move to a more descriptive name
2017-03-09 14:19:06 -06:00
e07d5332de
Don't step on the payload accessor
2017-03-09 13:54:00 -06:00
d92ffe2d51
Grab the os.name when checking
2017-03-09 13:52:58 -06:00
83f5f98bb0
Merge remote-tracking branch 'upstream/pr/8074' into land-8072
2017-03-09 11:08:29 -06:00
c5fb69bd89
Struts2 S2-045 Exploit 2017/03/08
2017-03-08 14:26:33 +08:00
b73a884c05
struts2_s2045_rce.rb
2017-03-08 13:38:18 +08:00
75a1d979dc
Fix: Incorrect disclosure month forma
2017-03-07 20:28:29 -06:00
fc0f63e774
exploit Apache Struts2 S2-045
2017-03-07 20:10:59 -06:00
83cc28a091
Land #7972 , Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
dad21b1c1d
Land #7979 , another downcase fix for a password
2017-02-19 21:26:52 -06:00
92c1fa8390
remove downcase
2017-02-18 20:13:32 -05:00
7503f643cc
Deprecate windows/fileformat/office_word_macro
...
Please use exploits/multi/fileformat/office_word_macro instead,
because the new one supports OS X.
2017-02-16 12:32:14 -06:00
f113114643
Added assigned CVE.
2017-02-15 17:05:23 -05:00
026f6eb715
Land #7929 , improve php_cgi_arg_injection
2017-02-10 10:01:38 -06:00
e1a1ea9d68
Fix grammar
2017-02-08 19:26:35 -06:00
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
Jeffrey Martin