adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

3522 Commits

Author SHA1 Message Date
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00
Spencer McIntyre 18a4cf8c00 Use the ssl setting for HttpServer#start_service 2026-01-22 13:49:28 -05:00
Jack Heysel e9a6a6fd45 Responded to comments 2026-01-22 15:03:32 +01:00
Jack Heysel 96b788e1e8 Increase length of cron job name 2026-01-22 15:03:32 +01:00
Jack Heysel 0e0a6cc9cd Removed duplicate platform 2026-01-22 15:03:31 +01:00
Jack Heysel 2e484d552e Finishing touches 2026-01-22 15:03:31 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
jheysel-r7 719874a7f4 Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module 
Add exploit oracle ebs CVE 2025 61882 module
 2026-01-21 16:08:09 -08:00
Jack Heysel 927f5330f4 Rubocop fixes 2026-01-21 14:56:08 -08:00
Jack Heysel c45309e9ab Added payload length guards 2026-01-21 11:34:21 -08:00
jheysel-r7 b6da204725 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2026-01-21 10:09:12 -08:00
MatDupas b46649769e Fix formatting issues in oracle_ebs exploit script 2026-01-21 09:00:52 +01:00
MatDupas a05863f6f6 Clean up comment in generate_xsl_payload method 
Removed comment about generating XSLT payload.
 2026-01-21 08:57:10 +01:00
MatDupas cb3df4b4de Refactor payload options in Oracle EBS exploit 2026-01-21 08:56:01 +01:00
MatDupas c5df078b41 Clarify payload option comment in exploit module 
Updated the comment for the payload option to clarify usage.
 2026-01-21 08:54:53 +01:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
MatDupas c351514291 Refine description for Oracle EBS CVE-2025-61882 exploit 
Updated the description of the Oracle E-Business Suite CVE-2025-61882 RCE exploit module to provide more detailed information about the exploit mechanism and affected versions.
 2026-01-20 21:09:25 +01:00
MatDupas 37c69a9bf1 Refactor Oracle EBS CVE-2025-61882 exploit module 
Updated the Oracle E-Business Suite exploit module to fix rubocop linting errors
 2026-01-20 09:12:05 +01:00
vognik 9e320dd168 add suggestions from @jheysel-r7 2026-01-19 18:45:01 -08:00
MatDupas bff88db29b Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:07:45 +01:00
MatDupas 9377662118 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:06:47 +01:00
MatDupas 68f7d42bb8 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:04:59 +01:00
MatDupas 47d0b1c208 Clarify default payload comment in exploit module 
Updated the comment for the default payload option to clarify its usage.
 2026-01-19 10:47:47 +01:00
MatDupas 141fa5a169 Refactor smuggling payload creation and session handling 
Refactor HTTP request smuggling logic and error handling.
 2026-01-19 10:41:23 +01:00
MatDupas daf0fc89fc Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-19 10:34:24 +01:00
MatDupas 21a1245a77 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-17 16:13:55 +01:00
MatDupas ec31ff1351 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-17 16:08:43 +01:00
MatDupas 607f4651a5 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-17 12:26:52 +01:00
Brendan ade984aead Merge pull request #20793 from Chocapikk/avideo-v2 
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
 2026-01-15 17:36:07 -06:00
msutovsky-r7 eae97b314a Land #20810, adds module for authenticated RCE in n8n (CVE-2025-68613) 
Adds module for n8n workflow expression RCE (CVE-2025-68613)
 2026-01-13 16:51:06 +01:00
Martin Sutovsky fec9388c33 Adds comment 2026-01-13 16:31:01 +01:00
Martin Sutovsky 7b55f22afb Fixes payload delivery and execution to support all vulnerable versions 2026-01-13 15:37:12 +01:00
Brendan 10d12570c0 Merge pull request #20791 from Chocapikk/webcheck 
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
 2026-01-12 17:14:04 -06:00
jheysel-r7 dc5039b84c Update modules/exploits/multi/http/cacti_graph_template_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2026-01-09 09:46:08 -08:00
Martin Sutovsky 5e8ec214e9 Fixes cleanup 2026-01-09 11:58:53 +01:00
jheysel-r7 ae4a5ac986 Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info 
Merge target info into the module info
 2026-01-08 18:01:14 -08:00
jheysel-r7 b9be6ac259 Merge pull request #20785 from Chocapikk/react2shell-clean 
Update react2shell module: Add Waku framework support
 2026-01-08 17:58:48 -08:00
Valentin Lobstein ae58da4d4b Update modules/exploits/multi/http/avideo_notify_ffmpeg_unauth_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2026-01-08 17:03:53 +01:00
Valentin Lobstein 7b1e7d5320 Apply review feedback: move Space limits to targets, use CheckCode::Detected 
Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com>
 2026-01-08 16:59:17 +01:00
Valentin Lobstein 0583a4c983 Apply review feedback: revert Platform, simplify framework_config, improve Waku detection 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2026-01-08 16:50:55 +01:00
Martin Sutovsky de411e717d More reliable check method 2026-01-08 16:26:17 +01:00
Martin Sutovsky a11214466e Updates module 2026-01-08 11:57:06 +01:00
Martin Sutovsky 2df640efb4 Fixes payload delivery 2026-01-08 11:45:14 +01:00
Martin Sutovsky 3d541672cb Updates payload 2026-01-08 08:07:52 +01:00
msutovsky-r7 b39e781500 Land #20700, adds module for Taiga.io RCE (CVE-2025-62368) 
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
 2026-01-07 11:53:32 +01:00
JohannesLks 78052b4ac1 multiple Improvements 2025-12-25 11:47:23 -05:00
JohannesLks 2cadcfe6ab add CVE-2025-68613 2025-12-25 11:21:28 -05:00
Jack Heysel 3c57c71baf Windows support 2025-12-22 19:27:37 -08:00
Valentin Lobstein 573a74dfa0 Add view/info.php endpoint to system root path leak (CVE-2025-34433) 2025-12-19 22:35:09 +01:00
Valentin Lobstein d8177fe9a1 DRY extract_system_root_from_cache 2025-12-19 22:05:29 +01:00