adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

906 Commits

Author SHA1 Message Date
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00
Jack Heysel 2e484d552e Finishing touches 2026-01-22 15:03:31 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
jheysel-r7 719874a7f4 Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module 
Add exploit oracle ebs CVE 2025 61882 module
 2026-01-21 16:08:09 -08:00
jheysel-r7 b6da204725 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2026-01-21 10:09:12 -08:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
MatDupas 54c6e18505 Update documentation/modules/exploit/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-17 12:26:18 +01:00
Brendan ade984aead Merge pull request #20793 from Chocapikk/avideo-v2 
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
 2026-01-15 17:36:07 -06:00
Valentin Lobstein b2abdb21de Fix AVideo lab documentation: update file editing instructions 
Updated the note to provide a working method to edit configuration.php. Users can enter the container shell or copy the file out for editing.
 2026-01-14 00:35:39 +01:00
Valentin Lobstein ae4babbcf1 Fix AVideo lab documentation: remove broken sed command 
Removed the broken sed command that doesn't work correctly. Updated note to specify editing /var/www/html/AVideo/videos/configuration.php manually with an editor instead.
 2026-01-14 00:34:35 +01:00
Valentin Lobstein 37f9802b83 Update AVideo lab documentation: remove automatic sed fix, specify file to edit 
Removed mention of automatic sed fix in docker-entrypoint. Updated note to specify that users should manually edit /var/www/html/AVideo/videos/configuration.php if they encounter redirect issues with webSiteRootURL.
 2026-01-14 00:34:10 +01:00
Valentin Lobstein 733455eb53 Change port to 80 in AVideo lab documentation 
Changed HTTP_PORT from 9999 to 80 in the documentation to use the correct URL directly. This fixes the webSiteRootURL issue where AVideo was generating incorrect URLs with the mapped port instead of the container's internal port.
 2026-01-14 00:32:43 +01:00
Valentin Lobstein f6430ee093 Fix MariaDB tc.log corruption issue in AVideo lab setup 
The MariaDB container fails to start with 'Bad magic header in tc log' error
when the data directory has incorrect permissions or was previously corrupted.
This occurs during first-time setup of the AVideo lab environment.

The fix:
- Creates a custom entrypoint script that detects and removes corrupted tc.log
  files by checking the magic header (should be 01 00 00 00)
- Modifies Dockerfile.mariadb to integrate the fix script into the original
  MariaDB entrypoint using sed
- Ensures the fix runs automatically before MariaDB initialization

This allows the lab to start successfully on first run without manual intervention.

Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com>
 2026-01-13 22:31:38 +01:00
msutovsky-r7 eae97b314a Land #20810, adds module for authenticated RCE in n8n (CVE-2025-68613) 
Adds module for n8n workflow expression RCE (CVE-2025-68613)
 2026-01-13 16:51:06 +01:00
Brendan 10d12570c0 Merge pull request #20791 from Chocapikk/webcheck 
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
 2026-01-12 17:14:04 -06:00
Jack Heysel cdebe41d6c Revert unintended change 2026-01-09 09:55:22 -08:00
JohannesLks d45e91b130 typo 2026-01-09 10:48:30 -05:00
jheysel-r7 b9be6ac259 Merge pull request #20785 from Chocapikk/react2shell-clean 
Update react2shell module: Add Waku framework support
 2026-01-08 17:58:48 -08:00
msutovsky-r7 b39e781500 Land #20700, adds module for Taiga.io RCE (CVE-2025-62368) 
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
 2026-01-07 11:53:32 +01:00
JohannesLks 2cadcfe6ab add CVE-2025-68613 2025-12-25 11:21:28 -05:00
Jack Heysel 3c57c71baf Windows support 2025-12-22 19:27:37 -08:00
Jack Heysel a44fc954a2 Cacti Graph Template authenticated RCE 2025-12-22 00:53:13 -08:00
Valentin Lobstein 8df7347791 Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433) 2025-12-19 21:51:41 +01:00
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
Valentin Lobstein 080f74f862 Update Web-Check documentation with docker-compose.yml setup instructions 2025-12-18 19:19:17 +01:00
Valentin Lobstein 5178cdee42 Update Web-Check documentation with git clone command 2025-12-18 18:56:18 +01:00
Valentin Lobstein 13f102eb5b Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778) 2025-12-18 18:51:12 +01:00
Valentin Lobstein 3b407575fa Update react2shell module: Add Waku framework support 2025-12-17 23:07:01 +01:00
vognik 8977538910 add docker lab deploy guide into docs 2025-12-13 12:28:55 -08:00
vognik da0dc35cb8 add documentation 2025-12-12 13:44:44 -08:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
MatDupas 591a2706cb Fix setup guide link for Oracle EBS 
Updated the link to the Oracle EBS setup guide to an archived version.
 2025-12-11 19:24:16 +01:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
Valentin Lobstein e9467cd1e3 Clarify file-based session storage requirements and exploit limitations 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2025-12-09 19:26:30 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
Mathieu Dupas 9989fa6d39 Add SRVPORT info 2025-12-05 12:14:15 +01:00
MatDupas cd2e13c71d Document CVE-2025-61882 exploit for Oracle EBS 
Added documentation for CVE-2025-61882 exploit module in Oracle EBS, detailing vulnerability, testing setup, verification steps, and usage scenarios.
 2025-12-05 11:05:42 +01:00
vognik baa0a11492 small fixes 2025-12-05 00:11:44 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00