bcef7ee357
updated module and documentation with SUDO option
2023-03-26 18:31:25 +00:00
28459c286a
init commit module and documentation
2023-03-22 18:40:50 +00:00
3bd4c15704
Correct architecture and do final fixes
2023-03-13 15:46:42 -05:00
2a9ddae531
Updated description
2023-03-09 17:43:14 -05:00
06e7c3d702
Responded to comments updated docs
2023-03-09 17:39:53 -05:00
63e2376f64
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2023-03-09 12:31:30 -05:00
100cfbccf9
Fix up some more slight things in documentation. Also tidy up some things in the module
2023-03-08 17:25:56 -06:00
d31220ef1e
Updated references
2023-03-08 14:17:34 -05:00
263223b783
Last second file reorganization fix
2023-03-08 14:08:46 -05:00
dfae7e2fc4
FortiNAC keyUploap.jsp arbitrary file write CVE-2022-39952
2023-03-08 14:06:28 -05:00
3abd62076c
Land #17624 , Oracle E-Business Suite Module
...
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
2023-02-28 17:04:20 -05:00
ca6faed172
Check method enhancement
2023-02-24 13:33:10 -05:00
5311a491e9
Froxlor 2.0.7 is actually vulnerable too
2023-02-24 13:18:34 -05:00
9621f77bac
Land #17640 , add Froxlor RCE
2023-02-22 12:11:38 -06:00
bf7884b2dc
Removed need to auth twice when AutoCheck enabled
2023-02-22 12:28:28 -05:00
0c8df1a67b
Updated docs and module suggetsions
2023-02-22 00:33:40 -05:00
42146fc4ec
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 23:02:49 -05:00
80cec400bf
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:59:23 -05:00
fc5f4983f6
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:49 -05:00
647418745f
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:41 -05:00
e625e2e474
Land #17652 , module for pyload js2py exploit
...
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
2023-02-21 16:27:04 -05:00
963b9a9952
Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587
2023-02-21 18:02:10 +00:00
3854c30a11
more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7
2023-02-21 18:00:17 +00:00
c713da368d
Add in a few fixes from the review
2023-02-17 14:52:57 -06:00
73e82274dd
changes as per @gwillcox-r7 review
2023-02-17 13:10:53 +00:00
44c393e2f1
Fixed netcat session cleanup
2023-02-16 13:14:24 -05:00
1c49b002d2
Changed get_csrf to use xpath
2023-02-16 10:47:04 -05:00
00d1637f3d
Changed check method to use xpath
2023-02-16 10:33:15 -05:00
ecd5ad29a7
Add module docs
2023-02-15 16:29:42 -05:00
5d8b1dc4a6
Link Hadoop YARN exploit to documentation
...
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
2023-02-15 21:17:26 +01:00
557042c91c
Initial exploit is working
2023-02-15 14:18:25 -05:00
8aed02de3d
Linting
2023-02-14 10:39:47 -05:00
ff159c8760
Updated TODO
2023-02-13 20:24:32 -05:00
ca0b1ffe05
Documentation fixes
2023-02-13 19:56:23 -05:00
2e195b2742
Initial commit Froxlor RCE
2023-02-13 19:39:18 -05:00
d012145726
Land #17599 , Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707
2023-02-13 17:50:06 -06:00
96fecb6048
Modified BadChars and FailWith codes
2023-02-13 17:49:09 -05:00
45e453d687
Fix up remaining review comments
2023-02-13 15:07:25 -06:00
79b1801a4f
Rewrote check method to only abuse authentication bypass. Added additional status checks.
2023-02-11 17:43:33 -05:00
a3f4dceb5b
clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this.
2023-02-10 13:03:23 +00:00
dc8ee988f5
use Rex::Version in the check method for better version comparisons
2023-02-10 10:45:32 +00:00
a19bdde276
pass the 'bne:uueupload' param via the vars_get option
2023-02-10 10:44:21 +00:00
54c472ef18
fix typo in the description
2023-02-10 10:43:36 +00:00
036ed7f467
Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware.
2023-02-09 21:55:40 -05:00
f2a86327d0
Minor fixes from review
2023-02-09 15:34:25 -06:00
d4be663923
add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly names temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload
2023-02-09 17:28:15 +00:00
86f11b09fb
avoid the upto loop when creating jsp_path
2023-02-09 17:18:58 +00:00
406574722a
satisfy Rubocop
2023-02-09 16:30:30 +00:00
b97a288102
add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE)
2023-02-09 16:22:30 +00:00
4b05ba6189
Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing.
2023-02-08 21:26:18 -05:00
h00die-gr3y