9dcaf93b29
Replace deprecated File.exists? with File.exist?
2023-03-05 14:30:47 +11:00
3abd62076c
Land #17624 , Oracle E-Business Suite Module
...
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
2023-02-28 17:04:20 -05:00
ca6faed172
Check method enhancement
2023-02-24 13:33:10 -05:00
5311a491e9
Froxlor 2.0.7 is actually vulnerable too
2023-02-24 13:18:34 -05:00
9621f77bac
Land #17640 , add Froxlor RCE
2023-02-22 12:11:38 -06:00
bf7884b2dc
Removed need to auth twice when AutoCheck enabled
2023-02-22 12:28:28 -05:00
0c8df1a67b
Updated docs and module suggetsions
2023-02-22 00:33:40 -05:00
42146fc4ec
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 23:02:49 -05:00
80cec400bf
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:59:23 -05:00
fc5f4983f6
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:49 -05:00
647418745f
Update modules/exploits/linux/http/froxlor_log_path_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-02-21 22:58:41 -05:00
e625e2e474
Land #17652 , module for pyload js2py exploit
...
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
2023-02-21 16:27:04 -05:00
963b9a9952
Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587
2023-02-21 18:02:10 +00:00
3854c30a11
more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7
2023-02-21 18:00:17 +00:00
c713da368d
Add in a few fixes from the review
2023-02-17 14:52:57 -06:00
73e82274dd
changes as per @gwillcox-r7 review
2023-02-17 13:10:53 +00:00
44c393e2f1
Fixed netcat session cleanup
2023-02-16 13:14:24 -05:00
1c49b002d2
Changed get_csrf to use xpath
2023-02-16 10:47:04 -05:00
00d1637f3d
Changed check method to use xpath
2023-02-16 10:33:15 -05:00
ecd5ad29a7
Add module docs
2023-02-15 16:29:42 -05:00
5d8b1dc4a6
Link Hadoop YARN exploit to documentation
...
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
2023-02-15 21:17:26 +01:00
557042c91c
Initial exploit is working
2023-02-15 14:18:25 -05:00
8aed02de3d
Linting
2023-02-14 10:39:47 -05:00
ff159c8760
Updated TODO
2023-02-13 20:24:32 -05:00
ca0b1ffe05
Documentation fixes
2023-02-13 19:56:23 -05:00
2e195b2742
Initial commit Froxlor RCE
2023-02-13 19:39:18 -05:00
d012145726
Land #17599 , Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707
2023-02-13 17:50:06 -06:00
96fecb6048
Modified BadChars and FailWith codes
2023-02-13 17:49:09 -05:00
45e453d687
Fix up remaining review comments
2023-02-13 15:07:25 -06:00
79b1801a4f
Rewrote check method to only abuse authentication bypass. Added additional status checks.
2023-02-11 17:43:33 -05:00
a3f4dceb5b
clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this.
2023-02-10 13:03:23 +00:00
dc8ee988f5
use Rex::Version in the check method for better version comparisons
2023-02-10 10:45:32 +00:00
a19bdde276
pass the 'bne:uueupload' param via the vars_get option
2023-02-10 10:44:21 +00:00
54c472ef18
fix typo in the description
2023-02-10 10:43:36 +00:00
036ed7f467
Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware.
2023-02-09 21:55:40 -05:00
f2a86327d0
Minor fixes from review
2023-02-09 15:34:25 -06:00
d4be663923
add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly names temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload
2023-02-09 17:28:15 +00:00
86f11b09fb
avoid the upto loop when creating jsp_path
2023-02-09 17:18:58 +00:00
406574722a
satisfy Rubocop
2023-02-09 16:30:30 +00:00
b97a288102
add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE)
2023-02-09 16:22:30 +00:00
4b05ba6189
Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing.
2023-02-08 21:26:18 -05:00
19bcf8be7f
Working hardcoded payload
2023-02-08 18:14:11 -05:00
656ded4b86
Add module notes
2023-02-08 15:46:07 +00:00
25ee41df68
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
35749a000a
Added docs. Performed code linting with rubocop.
2023-02-07 20:27:07 -05:00
52fa2e5be6
Add example for version 5.5.6 with CVE-2021-25297
2023-02-07 14:18:53 -06:00
489ab24876
Add in additional case documentation for the various targets and CVEs and fix a bug in the code
2023-02-07 14:18:45 -06:00
7c30889784
Refactor code to handle unsigned licenses in one central function
2023-02-07 14:18:39 -06:00
b14bcd40a2
Fix incorrect match logic grabbing the wrong entry from results for NSP
2023-02-07 14:18:38 -06:00
425da60b15
Add in missing case 5 check
2023-02-07 14:18:38 -06:00
bcoles