adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,798 Commits 27 Branches 1,043 Tags
fbda738da98a60146a0bef98b68fc8fc595eb8f5
Commit Graph

17170 Commits

Author SHA1 Message Date
Grant Willcox 5c4d730cd3 Add in missing EDB reference 2023-03-06 14:32:01 -06:00
bcoles 9dcaf93b29 Replace deprecated File.exists? with File.exist? 2023-03-05 14:30:47 +11:00
Spencer McIntyre a418bd9c65 Land #17638, Lucee Scheduled Job RCE 2023-03-02 08:57:19 -05:00
Spencer McIntyre 3fabcc3421 Use coldfusion to decode base64 data 
This means we don't need to rely on base64 being in the path. Also
invoke ARCH_CMD payloads on Windows through cmd.exe and not
powershell.exe.
 2023-02-28 17:32:56 -05:00
Spencer McIntyre c8aa491378 Fail with Unreachable when res is nil 2023-02-28 17:05:59 -05:00
Jack Heysel 3abd62076c Land #17624, Oracle E-Business Suite Module 
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
 2023-02-28 17:04:20 -05:00
Spencer McIntyre a916163b49 Cleanup files and fixup messages 2023-02-28 16:41:57 -05:00
JBince 8b03f2fda8 Reworked payload execution logic 2023-02-27 11:09:34 -06:00
Jack Heysel ca6faed172 Check method enhancement 2023-02-24 13:33:10 -05:00
Jack Heysel 5311a491e9 Froxlor 2.0.7 is actually vulnerable too 2023-02-24 13:18:34 -05:00
space-r7 9621f77bac Land #17640, add Froxlor RCE 2023-02-22 12:11:38 -06:00
Jack Heysel bf7884b2dc Removed need to auth twice when AutoCheck enabled 2023-02-22 12:28:28 -05:00
Jack Heysel 0c8df1a67b Updated docs and module suggetsions 2023-02-22 00:33:40 -05:00
jheysel-r7 42146fc4ec Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 23:02:49 -05:00
jheysel-r7 80cec400bf Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:59:23 -05:00
jheysel-r7 fc5f4983f6 Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:58:49 -05:00
jheysel-r7 647418745f Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:58:41 -05:00
Jack Heysel e625e2e474 Land #17652, module for pyload js2py exploit 
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
 2023-02-21 16:27:04 -05:00
sfewer-r7 963b9a9952 Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587 2023-02-21 18:02:10 +00:00
sfewer-r7 3854c30a11 more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7 2023-02-21 18:00:17 +00:00
JBince 75fb5e883d Exploit update based on feedback 2023-02-19 09:16:56 -06:00
Grant Willcox c713da368d Add in a few fixes from the review 2023-02-17 14:52:57 -06:00
JBince ce9933fc4c Feedback changes + rubocop & msftidy changes 2023-02-17 08:16:49 -06:00
sfewer-r7 73e82274dd changes as per @gwillcox-r7 review 2023-02-17 13:10:53 +00:00
JBince a3a6ae9c4a feedback fixes 2023-02-16 14:33:03 -06:00
Jack Heysel 44c393e2f1 Fixed netcat session cleanup 2023-02-16 13:14:24 -05:00
Jack Heysel 1c49b002d2 Changed get_csrf to use xpath 2023-02-16 10:47:04 -05:00
Jack Heysel 00d1637f3d Changed check method to use xpath 2023-02-16 10:33:15 -05:00
Spencer McIntyre ecd5ad29a7 Add module docs 2023-02-15 16:29:42 -05:00
Arnout Engelen 5d8b1dc4a6 Link Hadoop YARN exploit to documentation 
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
 2023-02-15 21:17:26 +01:00
Spencer McIntyre 557042c91c Initial exploit is working 2023-02-15 14:18:25 -05:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992 
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
 2023-02-14 16:57:29 -05:00
space-r7 78ae5f49ce add gitlab prefix back to methods 2023-02-14 15:26:01 -06:00
space-r7 304b90ecc8 split mixins between forms and v4 api used 2023-02-14 12:37:43 -06:00
Jack Heysel 8aed02de3d Linting 2023-02-14 10:39:47 -05:00
Jack Heysel ff159c8760 Updated TODO 2023-02-13 20:24:32 -05:00
Jack Heysel ca0b1ffe05 Documentation fixes 2023-02-13 19:56:23 -05:00
Jack Heysel 2e195b2742 Initial commit Froxlor RCE 2023-02-13 19:39:18 -05:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
JBince 9c3cfd8bdb Added documentation, cleaned up functions, rubocop fixes 2023-02-13 15:19:45 -06:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse 
Also fix typos
 2023-02-13 14:00:13 -05:00
JBince 2a386981bd Updated Module & Payloads + Rubocop Fixes 2023-02-13 09:03:57 -06:00
JBince f4c5e34a1b Added improved functionality on both Windows and Unix installs 2023-02-12 14:42:22 -06:00
JBince fcfc39296f Added improved functionality on both Windows and Unix installs 2023-02-12 14:39:11 -06:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
JBince d5b7ad30a1 Created module 2023-02-10 17:01:57 -06:00
sfewer-r7 a3f4dceb5b clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this. 2023-02-10 13:03:23 +00:00