adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

2369 Commits

Author SHA1 Message Date
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
William Webb 028b1ac251 Land #6816 Oracle Application Testing Suite File Upload 2016-05-24 18:27:10 -05:00
Brent Cook 5bf8891c54 Land #6882, fix moodle_cmd_exec HTML parsing to use REX 2016-05-23 23:25:22 -05:00
wchen-r7 506356e15d Land #6889, check #nil? and #empty? instead of #empty? 2016-05-19 19:23:04 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
Brent Cook cf0176e68b Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
Louis Sato 8dc7de5b84 Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00
join-us 6a00f2fc5a mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb 2016-05-01 00:00:29 +08:00
William Vu c16a02638c Add Oracle Application Testing Suite exploit 2016-04-26 15:41:27 -05:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00
wchen-r7 4a95e675ae Rm empty references 2016-04-24 11:46:08 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Brent Cook 57cb8e49a2 remove overwritten keys from hashes 2016-04-20 07:43:57 -04:00
thao doan fd603102db Land #6765, Fixed SQL error in lib/msf/core/exploit/postgres 2016-04-18 10:44:20 -07:00
Pedro Ribeiro 8dfe98d96c Add bugtraq reference 2016-04-14 10:23:53 +01:00
Pedro Ribeiro 2dc4539d0d Change class name to MetasploitModule 2016-04-10 23:27:40 +01:00
Pedro Ribeiro 1fa7c83ca1 Create file for CVE-2016-1593 2016-04-10 23:17:07 +01:00
wchen-r7 6b4dd8787b Fix #6764, nil SQL error in lib/msf/core/exploit/postgres 
Fix #6764
 2016-04-08 15:20:04 -05:00
wchen-r7 28875313be Change class name to MetasploitModule 2016-04-08 14:27:52 -05:00
wchen-r7 ae46b5a688 Bring #6417 up to date with upstream-master 2016-04-08 13:41:40 -05:00
William Vu 11bf1018aa Fix typo 2016-04-06 14:20:41 -05:00
William Vu a4ef9980f4 Land #6677, atutor_sqli update 2016-04-05 19:52:44 -05:00
William Vu d9d257cb1a Fix some things 2016-04-05 19:23:11 -05:00
wchen-r7 74f25f04bd Make sure to always print the target IP:Port 2016-03-30 11:16:41 -05:00
William Vu 2b90846268 Add Apache Jetspeed exploit 2016-03-23 19:22:32 -05:00
h00die ebc7316442 Spelling Fix 
Fixed Thorugh to Through
 2016-03-19 13:58:13 -04:00
James Lee 1375600780 Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
James Lee af642379e6 Fix some OptInts 2016-03-16 14:13:18 -05:00
Brent Cook 1769bad762 fix FORCE logic 2016-03-16 09:53:09 -05:00
wchen-r7 5ef8854186 Update ATutor - Remove Login Code 2016-03-15 17:37:37 -05:00
Brent Cook a50b21238e Land #6669, remove debug code from apache_roller_ognl_injection that breaks Windows 2016-03-13 14:14:10 -05:00
Brent Cook 23eeb76294 update php_utility_belt_rce to use MetasploitModule 2016-03-13 13:59:47 -05:00