adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,334 Commits 27 Branches 1,043 Tags
f26c14f05ab7aecb995567be75a0f24dfd93d6b5
Commit Graph

1592 Commits

Author SHA1 Message Date
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
sfewer-r7 228a066521 add a reference to the Kaspersky analysis which covers all 4 CVEs 2025-07-25 12:26:55 +01:00
sfewer-r7 36fff14466 fix a comment typo 2025-07-25 11:04:18 +01:00
sfewer-r7 f16f7bf2ad add in reference to teh LeakIX blog, which shows CVE-2025-53771 2025-07-25 11:02:55 +01:00
sfewer-r7 ae95d3d4e8 add a comment to clarify what CVE-2025-53771 is 2025-07-25 11:02:08 +01:00
sfewer-r7 8df7f64e79 add some comments to clarify what CVE-2025-49704 is 2025-07-25 11:01:41 +01:00
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
cgranleese-r7 42f31c0fce Fixes some conditionals in modules 2025-06-20 14:57:03 +01:00
bcoles 3272ee0f28 Modules: Convert DisableNops property to Boolean in several modules 2025-06-10 23:57:52 +10:00
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406 
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
 2025-05-28 13:46:13 +02:00
h4x-x0r 647545c5ef Update magicinfo_traversal.rb 2025-05-15 22:13:08 +01:00
h4x-x0r bd181f8a13 Update magicinfo_traversal.rb 2025-05-15 22:11:23 +01:00
h4x-x0r 6d2a1e529e Update magicinfo_traversal.rb 2025-05-15 20:11:59 +01:00
h4x-x0r e9c88b55f2 cleanup 2025-05-09 22:39:30 +01:00
h4x-x0r 803581ab81 CVE-2024-7399 2025-05-09 17:27:22 +01:00
h00die-gr3y 2baabfa17b update check method to detected other vulnerable services 2025-05-03 14:08:49 +00:00
h00die-gr3y 1c5be6154a second release including Triofox + documentation 2025-05-02 20:42:14 +00:00
h00die-gr3y a6aca51230 initial module 2025-04-28 21:00:55 +00:00
Jack Heysel 4c5e0203dd Refactor pgAdmin modules to use new lib 2025-04-11 15:55:46 -07:00
Jack Heysel fa0c29837e Update author, rubocop, msftidy_docs 2025-03-27 09:36:10 -07:00
Jack Heysel d54e8d8749 Add check method that returns Detected 2025-03-27 09:28:28 -07:00
Jack Heysel 24a785d6b0 Target and metadata updates 2025-03-25 11:56:15 -07:00
Jack Heysel abeeb091fd Rubocop 2025-03-25 11:18:48 -07:00
machang-r7 a0ca1b10af Create sitecore_xp_cve_2025_27218.rb 2025-03-05 17:54:54 -05:00
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service 
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
 2024-09-05 09:08:07 -07:00
Jack Heysel 434593dcb4 Suggestion and rubocop fixes 2024-09-05 08:49:32 -07:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
igomeow d0d4c3083a Fixing error message 2024-08-28 18:33:31 +02:00
igomeow 2b7cf76fc8 Fixing wrong SideEffects and Reliability values 2024-08-28 18:20:20 +02:00
igomeow 251c1c0c1e Adding check for host operating system 2024-08-28 18:17:36 +02:00
igomeow 6326cac8d4 Fixing nil safe issue 2024-08-26 23:23:43 +02:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow d1ce041fd0 Inital commit and Rubocop fixes 2024-08-26 19:27:20 +02:00
h4x-x0r 39d615e8d2 Added TARGETURI option 
Added TARGETURI option
 2024-08-13 20:29:30 +01:00
h4x-x0r 8e4503061a Removed debugging code 
Removed debugging code
 2024-08-07 15:23:15 +01:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module 
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
 2024-08-07 05:16:25 +01:00
dledda-r7 48c69b99fb Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x 2024-07-31 09:43:19 -04:00
redwaysecurity.com a812617fee Removed "ssl_restore = true" 2024-07-26 17:30:25 +02:00
Jack Heysel 2ffe027eab Responded to comments 2024-07-25 09:14:27 -07:00