f464401dde
Land #17782 , Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
60149259a2
Land #17856 , RCE exploit for CVE-2023-26359 (Adobe ColdFusion) and an auxiliary module for arbitrary file read via the same vuln.
2023-04-28 19:27:15 +02:00
63115c9415
Land #17857 , add T3S support for weblogic modules
2023-04-27 11:37:37 -05:00
e54774fd20
ensure SRVHOST is a routable IP
2023-04-17 13:01:30 +01:00
5d05754d9b
update the AKB URL to reference the changed CVE
2023-04-14 17:44:38 +01:00
e6211175b3
rename the files to the correct CVE
2023-04-14 15:52:13 +01:00
b5ea420760
On April 12 Adobe reclassified CVE-2023-26360 from an Improper Access Controll vuln to a Deserialization of Untrusted Data vuln. A private report has confirmed that CVE-2023-26359 is a similar yet seperate vuln, so I am changing the CVE associated with these two modules from CVE-2023-26359 to CVE-2023-26360 as we now beliee this is the correct CVE.
2023-04-14 15:49:10 +01:00
f9d5459a9c
Land #17872 , Ensure identify hashes helper is accessible to modules
2023-04-13 16:20:20 +01:00
90dacd00ab
favor a staged meterpreter payload over the non staged payload as a default
2023-04-13 16:11:19 +01:00
aef2b8d314
Land #17804 , Fix incorrect module metadata CI and add validation automation
2023-04-13 15:11:46 +01:00
8e2169ed47
Ensure identify hashes helper is accessible to modules
2023-04-12 13:28:56 +01:00
375d9b34f1
make on_request_uri compatible with both command staget and teh generic java target
2023-04-11 14:25:07 +01:00
0022d0b8c3
Merge branch 'CVE-2023-26359-java-payload' into CVE-2023-26359
2023-04-11 13:59:37 +01:00
1dc8eb2802
remove linemax option from execute_cmdstager as it was artifact from testing and is not needed here
2023-04-11 12:14:28 +01:00
296fd6fec7
add in bourne and printf command stager flavors for Linux target
2023-04-11 12:07:49 +01:00
70018f7543
add psh_invokewebrequest as a command stager flavor for Windows
2023-04-11 11:57:39 +01:00
657c1446c4
dont check these datastore options for empty? as the default values will either be set or an empty value will be detected during configuration validation
2023-04-11 11:41:55 +01:00
fa1e7ae016
close all CMFL tags and chain the getRuntime and exec calls for berevity
2023-04-11 11:22:13 +01:00
b05c9c6303
add a generic java target
2023-04-06 17:29:50 +01:00
67b98b5120
merge tested exploits
2023-04-06 15:42:39 +01:00
43fe41bea5
RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln.
2023-04-06 14:02:01 +01:00
f0189cc886
revert another get_once
2023-04-06 11:43:50 +01:00
656c562816
Added notes, revert to get_once
2023-04-06 11:01:32 +01:00
cc79fe039a
Merge branch 'rapid7:master' into weblogic-t3s-support
2023-04-06 10:38:29 +01:00
5d63175b56
Land #17823 , php_cgi_arg_injection: Fix check regex match to detect code html tag
2023-04-05 16:44:52 +02:00
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
40e6917b7f
tests passing
2023-04-04 10:24:09 +01:00
a54f3d4707
fix broken module references
...
doing these "by domain" now, piecemeal.
this PR fixes all broken references to the "insecurety" website, which is long dead.
2023-04-01 05:17:02 -07:00
0a559bfded
Land #17704 , Apache Solr RCE via Velocity Template: Attempt fix for NoMethodError when exploiting
2023-03-29 15:12:04 +01:00
f3c12ba176
Land #17808 , Update broken secunia references
...
The Secunia links in the framework were dead. They have
now been restored using the wayback machine to grab
replacement links from the earliest date possible.
2023-03-27 17:20:13 -04:00
abe5570902
php_cgi_arg_injection: Fix check regex match to detect code html tag
2023-03-27 15:21:04 +11:00
8572053f0c
php_cgi_arg_injection: Add notes and resolve Rubocop violations
2023-03-27 15:16:51 +11:00
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
67ac2dc584
Land #17771 , add monitorr file upload rce
2023-03-22 13:00:38 -05:00
3fe0801d92
use target_uri.path in requests
2023-03-22 12:50:11 -05:00
e3df74ee5b
Updates addressing review points of space-r7
2023-03-20 21:04:58 +00:00
871a251c94
Apply suggestions from code review
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-03-20 21:44:11 +01:00
5903addbd6
Updates adressing majority of review points
2023-03-19 15:13:09 +00:00
0df12fd694
Land #17754 , Open web analytics 1.7.3 remote code execution
2023-03-17 10:15:33 +01:00
04e0fc70bf
Apply suggestions from code review
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com >
2023-03-16 19:25:03 +01:00
3baa894840
Add DefangedMode to warn the user
2023-03-16 18:07:28 +01:00
daadb4f523
Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781)
2023-03-16 11:01:07 +01:00
Spencer McIntyre