7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
982cfb97c2
Refactor: check for THEME_DIR as ternary
...
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com >
2022-10-17 17:28:31 -04:00
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
46910b9390
Land #17105 , set keep_cookies value to boolean true instead of string true
2022-10-05 11:37:37 +01:00
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
fffc080286
use vars_form_data
2022-10-03 14:43:12 -04:00
c6e18ee469
cve-2022-1329
2022-10-02 15:59:58 -04:00
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
76c6632305
Land #16673 , qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246)
...
Merge branch 'land-16673' into upstream-master
2022-09-29 09:46:27 -05:00
0dcfe72614
Use the standard Linux stager
2022-09-13 16:10:48 -04:00
5e04ece15b
Support newer versions of Jenkins
...
This retains backwards compatibility
2022-09-13 15:08:23 -04:00
fb28f81700
Land #16750 , update jenkins_script_console
2022-08-31 16:59:33 -05:00
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
76f6eda5a9
Using FileDropper Mixin
2022-07-27 19:32:50 +02:00
ccef129807
Land #16727 , set tftphost option
2022-07-12 15:29:42 -05:00
3d13dab11e
Update jenkins_script_console.rb
2022-07-06 19:08:38 +02:00
5db741550b
Update jenkins_script_console.rb
...
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
2022-07-06 15:16:01 +02:00
17f82a900e
linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil
2022-07-01 08:43:47 -04:00
f6b6ad4bf1
prevent confluence_widget_connector from crashing when the response body in get_java_property is empty
2022-07-01 07:37:54 -04:00
1b7d8f1e74
Fix a whitespace issue, restore option naming
2022-06-29 12:24:29 -04:00
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
695e1243b8
Update modules/exploits/multi/http/phpmailer_arg_injection.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-06-28 23:08:20 -10:00
836970e1ae
Update phpmailer_arg_injection.rb
...
fixed typo
2022-06-23 13:45:42 -10:00
8259e8e495
Update phpmailer_arg_injection.rb
...
Fixed regex to match legal name tags
2022-06-23 13:43:21 -10:00
ae8f1c3378
Update on phpmailer_arg_injection.rb #15810
...
Added Regex to validate new options
2022-06-23 13:10:19 -10:00
e9b2fc6ecf
Merge branch 'rapid7:master' into master
2022-06-23 12:52:09 -10:00
96feb8d1be
Update phpmailer_arg_injection.rb
...
Changed new advanced option to camel case
2022-06-23 12:47:26 -10:00
9160573d0c
Better cleanup for Linux
2022-06-16 23:08:32 +02:00
7963b22fa5
Added Windows support
2022-06-16 22:37:56 +02:00
aef69d1c43
Further changes as suggested
2022-06-16 21:04:57 +02:00
4c17a3c342
Fixed documentation spelling and presentation. Changed to new file upload API
2022-06-16 18:59:39 +02:00
b23e2207c2
Removed a rogue require statement
2022-06-16 16:42:03 +02:00
91d83e966c
Changed documentation to fit targets and added installation instructions. Added requests to delete .htaccess
2022-06-16 16:24:17 +02:00
339114e3c0
Check the target platform for compatibility
2022-06-15 17:11:56 -04:00
dc3596525e
Add Windows targets
2022-06-15 15:23:34 -04:00
ba76c5702d
Code changes, included metasploit version comparison utilities, removed Linux targets
2022-06-14 20:45:35 +02:00
cb1e72461f
Renamed username to email to better reflect the user input nature. Created module documentation under /documentation/modules/exploit/multi/http/qdpm_authenticated_rce.md
2022-06-14 10:35:43 +02:00
c906cf8fa2
Fixed EDB reference
2022-06-13 17:41:34 +02:00
3875db78ae
Land #16644 , Add Exploit for CVE-2022-26134 (Confluence RCE)
...
Merge branch 'land-16644' into upstream-master
2022-06-07 16:00:37 -05:00
1a06f69f95
Works through v7.18 now too
2022-06-06 22:03:21 -04:00
45c646afea
Refactor #encode_ognl
2022-06-06 18:15:44 -04:00
2c0e034a18
Fix a couple of typos
2022-06-06 18:14:05 -04:00
f55334f0fe
Add version detection
2022-06-03 18:26:04 -04:00
76ec36a091
Remove the Windows targets for now
2022-06-03 16:50:13 -04:00
29a9ef686a
Finish up a draft of the module
2022-06-03 16:47:02 -04:00
cd6bbeb0ba
WIP module
2022-06-03 15:27:13 -04:00
space-r7