adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

879 Commits

Author SHA1 Message Date
William Vu 06ca406d18 Fix weird whitespace 2017-04-09 22:23:58 -05:00
Christian Mehlmauer 74dc7e478f update piwik module 2017-04-05 20:19:07 +02:00
Christian Mehlmauer baa473a1c6 add piwik superuser plugin upload module 2017-02-11 00:20:50 +01:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
wchen-r7 8cd9a9b670 Deprecate wp_ninja_forms_unauthenticated_file_upload 
wp_ninja_forms_unauthenticated_file_upload actually supports
multiple platforms.

Instead of using:
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Please use:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
 2016-11-10 11:17:09 -06:00
funkypickle fb0a438fdf Perform a version check to determine exploitability for graphite pickle 2016-10-05 16:08:02 -07:00
William Vu f60d575d62 Add EOF newline back in 2016-10-04 11:14:15 -05:00
wchen-r7 b1cb153c31 Make errors more meaningful 2016-10-03 15:29:40 -05:00
wchen-r7 f838c9990f Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload 
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
 2016-09-27 11:30:52 -05:00
William Vu a7103f2155 Fix missing form inputs 
Also improve check string.
 2016-09-15 19:19:24 -05:00
wchen-r7 ed5bbb9885 Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax 
If res is nil, it should not be doing res.code
 2016-09-13 15:45:57 -05:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection 
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
 2016-09-07 01:58:41 +02:00
Pearce Barry 226ded8d7e Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu 4228868c29 Clean up after yourself 
Can't use FileDropper. :(
 2016-08-16 23:09:14 -05:00
William Vu 1f63f8f45b Don't override payload 
pl is a cheap replacement.
 2016-08-16 23:08:53 -05:00
William Vu b3402a45f7 Add generic payloads 
Useful for testing and custom stuff.
 2016-08-16 23:08:09 -05:00
William Vu 2fed51bb18 Land #7115, Drupal CODER exploit 2016-08-15 01:15:23 -05:00
William Vu 62d28f10cb Clean up Mehmet modules 2016-08-15 01:12:58 -05:00
Mehmet Ince b4846e5793 Enabling cmd_bash payload type with bash-tcp cmd 2016-08-13 00:14:25 +03:00
Mehmet Ince d38e9f8ceb Using # instead of ;. Semicolon is causing msg in error.log. 2016-08-12 23:35:29 +03:00
Mehmet Ince ba79579202 Extending Space limitation up to 250 2016-08-12 22:32:49 +03:00
Mehmet Ince dadafd1fdf Use data:// instead of bogus web server and check() improvements. 2016-07-26 13:31:46 +03:00
Mehmet Ince 780e83dabb Fix for Opt params and Space limits 2016-07-22 20:48:15 +03:00
Mehmet Ince 7e9c5f9011 Fix for double space and indentation 2016-07-21 20:27:52 +03:00
Mehmet Ince 634ee93de4 Add Drupal CODER remote command execution 2016-07-21 20:23:54 +03:00
William Vu 32f1c83c9e Switch to single quotes 
Might as well, since we're avoiding escaping.
 2016-07-21 00:10:17 -05:00
William Vu 2e631cab5b Prefer quoting over escaping 
Having to escape backslashes in a single-quoted string sucks.
 2016-07-21 00:02:08 -05:00
William Vu c6b309d5c9 Fix drupal_restws_exec check method false positive 2016-07-20 23:28:49 -05:00
William Vu b49a847c98 Fix additional things 2016-07-20 13:49:23 -05:00
Mehmet Ince 51bb950201 Avoid return where not required 2016-07-20 21:27:51 +03:00
Mehmet Ince b0a0544627 Remove random string from URI 2016-07-20 20:50:10 +03:00
Mehmet Ince 089816236d Remove double spaces and fix checkcode 2016-07-20 00:01:25 +03:00
Mehmet Ince 9c8e351ba8 Use vars_get un send_request_cgi 2016-07-19 20:12:14 +03:00
Mehmet Ince ec2f8fcc71 Change check method and use meterpreter instead of unix cmd 2016-07-19 11:13:06 +03:00
Mehmet Ince 650034b600 Use normalize_uri params instead of string concatenation 2016-07-19 01:01:05 +03:00
Mehmet Ince c8deb54938 Add Drupal RESTWS Remote Unauth PHP Code Exec 2016-07-18 21:32:10 +03:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
William Vu b2c3267a2a Land #7042, fetch_ninja_form_nonce/wponce fix 2016-07-13 11:38:11 -05:00
William Vu f164afaef8 Land #6932, joomla_contenthistory_sqli_rce fixes 2016-07-12 14:26:49 -05:00
William Vu 310332b521 Clean up module 2016-07-12 11:17:10 -05:00
wchen-r7 b869b890c7 Land #7090, Add module for Tikiwiki Upload Exec 2016-07-12 11:16:50 -05:00
wchen-r7 2471e8bc8c Add FileDropper to cleanup properly 2016-07-12 11:16:18 -05:00
Mehmet Ince 43833c8756 Fixing double normalize function call 2016-07-12 07:30:18 +03:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Mehmet Ince fc56ab6722 Fixing some coding style because of rubocop 2016-07-11 23:10:18 +03:00
Mehmet Ince e79c3ba7c0 Tiki Wiki unauth rce 2016-07-11 22:44:07 +03:00
wchen-r7 1ecef265a1 Do a fail_with in case nonce is not found at all 2016-06-30 11:21:45 -05:00