5f66b7eb1a
Land #8940 , @h00die's second round of desc fixes
...
One ninja edit along the way as well.
2017-09-11 13:05:13 -05:00
54a62976f8
update versions and add quick module docs
2017-09-08 13:59:29 -05:00
978fdb07b0
Comment out PSH target and explain why
...
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
2017-09-08 13:41:06 -05:00
2ebf53b647
Minor tweaks...
2017-09-08 10:04:47 -05:00
00c593e0a2
55 pages of spelling done
2017-09-07 21:18:50 -04:00
a9a307540f
Assign cmd to entire case and use encode for XML
...
Hat tip @acammack-r7. Forgot about that first syntax!
2017-09-07 19:36:08 -05:00
8f1e353b6e
Add Apache Struts 2 REST Plugin XStream RCE
2017-09-07 19:30:48 -05:00
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
202c936868
Land #8826 , git submodule remote command execution
2017-08-29 18:11:32 -05:00
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
8f17d536a7
Update phpmailer_arg_injection.rb
...
Removed second parameter as it was not necessary. Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
c49b72a470
Follow 301 re-direct
...
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
eabe4001c2
Land #8492 , Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-08-20 18:48:22 -05:00
7881a7ddc4
git submodule command exec
2017-08-13 11:47:44 +08:00
7e860571ae
fix bug where api_token auth was being used without token being set
2017-08-09 12:30:26 -04:00
9bb102d72d
add jenkins v2 cookie support
2017-08-09 12:29:31 -04:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
df024bb594
Remove duplicate setting of suhosin.simulation
2017-07-10 00:46:05 +03:00
7e1b50ab3b
Land #8629 , AKA (also known as) module reference
2017-06-28 19:15:45 -05:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
43d8c4c5e7
Land #8519 , Apache ActiveMQ file upload exploit
2017-06-28 17:19:39 -05:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
b51fc0a34e
Land #8489 , more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
58cd432120
Added docs, minor code tweak to remove duplication.
2017-06-19 17:35:41 -05:00
49d998f7d9
catch invalid tokens
2017-06-15 21:45:29 -04:00
f4ffade406
add ability to specify API token instead of password
2017-06-15 21:05:53 -04:00
0766f92013
Add option for workspace
2017-06-13 12:46:36 +00:00
d641058f75
Added module to exploit ActiveMQ CVE-2016-3088
2017-06-06 11:33:42 -07:00
218ec96009
Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-05-31 13:00:35 +00:00
0e145573fc
more httpClient modules use store_valid_credential
2017-05-30 14:56:05 -05:00
3360171977
Land #8319 , Add exploit module for Mediawiki SyntaxHighlight extension
2017-05-17 23:23:50 -05:00
631267480d
Update module description
2017-05-16 14:48:46 -05:00
2ed8ae11b4
Add doc and make minor changes
2017-05-16 14:47:19 -05:00
27e1de14b0
BuilderEngine 3.5 Arbitrary file upload and execution exploit
2017-05-12 18:37:08 +02:00
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
fcf14212b4
Fixed disclosure date
2017-04-29 16:25:25 +02:00
Tod Beardsley