adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,334 Commits 27 Branches 1,043 Tags
f26c14f05ab7aecb995567be75a0f24dfd93d6b5
Commit Graph

3322 Commits

Author SHA1 Message Date
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
Vognik 071a4a34fc fix tests 2025-08-29 08:41:43 +04:00
Maksim Rogov 9b1d07dea8 removed unnecessary fail_with from check function 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-29 06:55:59 +03:00
Maksim Rogov bdad398541 Update Payload Generation 2025-08-25 15:49:30 +03:00
Vognik 92ddf5646a Code Review Edits from @msutovsky-r7 2025-08-24 19:13:16 +04:00
Vognik 7289c25faa Fix Tests 2025-08-24 12:12:22 +04:00
Vognik 2b01ba6200 Add XWiki Unauthenticated RCE (CVE-2025-24893) 2025-08-23 18:56:24 +04:00
Vlad Dmitrievich baa5469a21 Fix legacy method override in torchserver_cve_2023_43654 
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
 2025-08-22 17:01:41 +03:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:42:01 +02:00
Valentin Lobstein d79810a7e3 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:11 +02:00
Valentin Lobstein d625ab5fbc Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:01 +02:00
Valentin Lobstein 32f7754774 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-07-02 14:42:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk f7a649c121 Remove php mixin and arch 2025-07-01 19:43:21 +02:00
Chocapikk 5d9eb58848 Remove useless mixin 2025-07-01 19:39:26 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
msutovsky-r7 126bff18a1 Land #20346, fixes payload encoding and substitutes for smaller base64 encoder 
Use the smaller base64 encoder
 2025-06-27 17:15:05 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Spencer McIntyre 6334996e60 Use the smaller base64 encoder 2025-06-24 15:58:17 -04:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
Diego Ledda c0dfbf43f2 Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce 
vBulletin replaceAdTemplate Remote Code Execution
 2025-06-19 14:20:16 +02:00
Martin Sutovsky 3abe9b46c0 Addressing comments 2025-06-13 10:32:39 +02:00
msutovsky-r7 2e3b66612b Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:38:01 +02:00
msutovsky-r7 cb9f5e8743 Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:35:01 +02:00
Martin Sutovsky 0b2e4bc337 Adds module for CVE-2021-25094 2025-06-11 19:03:00 +02:00
msutovsky-r7 f2920f868a Land #20291, adds Roundcube post-authentication RCE (CVE-2025-49113) 
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
 2025-06-11 10:48:58 +02:00
Maksim Rogov 582e32c14e remove timeout 2025-06-11 11:05:33 +03:00
bcoles 304de9e1c9 Modules: Convert Privileged property to Boolean in several modules 2025-06-10 23:01:52 +10:00
Maksim Rogov 8fe5c91801 fix parsing.rb 2025-06-10 14:29:39 +03:00
Maksim Rogov 10ab54369d Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:18:44 +03:00
Maksim Rogov 97c493a924 Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:17:55 +03:00
Vognik d764237230 migrated to nokogiri methods for csrf token parsing 2025-06-10 14:54:09 +04:00
Maksim Rogov 5725e6faf7 Apply suggestions from code review 
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
 2025-06-10 11:09:05 +03:00
Vognik 072ebafbcf fix naming 2025-06-09 19:32:31 +04:00
Vognik 46a36c9d4c refactor: update code per review 2025-06-09 19:28:38 +04:00
Brendan ebae201198 Merge pull request #20160 from zeroSteiner/feat/mod/payload/php-adapters 
Add PHP adapters and refactor PHP payloads
 2025-06-09 07:41:50 -05:00
Maksim Rogov 01f16ea802 Minor Fixes.rb 2025-06-08 12:47:08 +03:00
Maksim Rogov c63649a12d Update roundcube_auth_rce_cve_2025_49113.rb 2025-06-08 01:21:31 +03:00
Vognik f43e8863ad refactor: update code per review 2025-06-08 02:14:53 +04:00
Maksim Rogov 442b5aadf3 Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-07 23:26:03 +03:00
Maksim Rogov 0426d3cb4f Rename roundcube_unauth_rce_cve_2025_49113.rb to roundcube_auth_rce_cve_2025_49113.rb 2025-06-07 16:14:28 +03:00