adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
45,658 Commits 27 Branches 1,043 Tags
fc7cd7fdc57c4e2f2dcb02c09f2efad42e70bc67
Commit Graph

1558 Commits

Author SHA1 Message Date
Wei Chen 76ec4781a3 Land #11127, Fix TARGETURI support in struts2_namespace_ognl 2018-12-15 07:35:20 -08:00
William Vu d5309999db Land #11107, double negative logic cleanup 2018-12-11 18:32:32 -08:00
Brent Cook d8e0b17777 Land #10973, Rework DisclosureDate check in msftidy, including ISO 8601 support 2018-11-19 08:50:32 -08:00
Jacob Robles 77da5b145e Land #10828, git submodule url exec CVE-2018-17456 2018-11-14 10:51:16 -08:00
Shelby Pace a90bea2551 Land #9631, add Jira plugin upload module 2018-11-13 13:36:30 -08:00
Jacob Robles 9b495913dc Land #10873, Add notes to exploit modules 2018-11-02 12:13:37 -07:00
William Vu f0096227e7 Land #10505, post-auth and default creds info 2018-10-24 17:09:28 -05:00
William Vu 34a1c48d7c Land #10671, struts2_namespace_ognl updates 
There are still some outstanding concerns, but I want to unblock this.
 2018-10-12 09:16:44 -07:00
Jacob Robles ff06f81f89 Land #10704, Navigate CMS Unauthenticated RCE 2018-10-04 04:48:35 -07:00
William Vu b42af6cd96 Land #10728, metadata updates for @rastating 2018-10-02 11:46:30 -07:00
Brent Cook 1ee8734717 Land #10570, AKA Metadata Refactor 2018-09-17 20:31:07 -07:00
William Vu 2ee6a49a27 Land #10649, https://seclists.org references 2018-09-17 15:09:39 -07:00
Wei Chen 3e801c22fb Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 12:56:02 -07:00
William Vu 4360b9e82e Land #10566, struts2_rest_xstream normalize_uri 2018-08-30 14:00:53 -07:00
William Vu add03ca7f8 Land #10543, struts2_rest_xstream targeting fixes 2018-08-28 16:55:02 -07:00
William Vu 98ee549705 Land #10538, PSH target for struts2_rest_xstream 2018-08-28 16:55:01 -07:00
Brent Cook f22e6ec2bf Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 08:53:05 -07:00
Jacob Robles 376a343472 Land #10487, add php5 session file target 2018-08-27 08:49:42 -07:00
Adam Cammack 43f1f8eeb2 Land #10405, Cleanup dropped files for CMSMS 2018-08-01 12:46:44 -07:00
Jacob Robles 7e180a390c Land #10060, vTiger CRM v6.3.0 Upload RCE 2018-07-30 10:34:17 -07:00
Wei Chen 3a67d89711 Land #10383, Add WP Responsive Thumbnail Slider Plugin Exploit Module 2018-07-26 21:56:35 -07:00
Wei Chen e075836ad5 Land #10346, update check method and doc for CMS Made Simple 2018-07-20 15:49:07 -07:00
Wei Chen fdc24fe453 Land #10327, Add CMS Made Simple Upload/Rename Authenticated RCE 2018-07-19 10:20:10 -07:00
William Vu dbd03f9914 Land #10278, gitlist_arg_injection fixes 2018-07-12 17:05:33 -07:00
Wei Chen 465dceb182 Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 16:28:05 -07:00
Shelby Pace 8586e6fc8f Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-12 11:24:03 -05:00
Shelby Pace 45f354e55d Land #10231, Monstra Fileupload Exec 2018-07-12 11:24:02 -05:00
Jacob Robles d480ee8e20 Land #10275, Update missing CVE references for exploit modules 2018-07-12 11:24:01 -05:00
Wei Chen e915bb0f66 Land #10262, Add GitList argument injection exploit module 2018-07-06 12:30:10 -07:00
William Vu d4dfb98fb9 Land #10207, msftidy fixes 2018-06-26 12:40:50 -07:00
Jacob Robles 95cb9f3654 Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution' 2018-06-18 06:55:53 -07:00
William Vu 012de0f6b1 Land #10038, struts_code_exec_parameters EXE fix 2018-05-17 08:16:33 -07:00
William Vu cbac801b88 Land #8727, CVE-2017-9791 exploit 2018-05-17 08:16:33 -07:00
Jacob Robles b2b97db28b Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE 2018-05-09 17:48:53 -07:00
Jacob Robles dcbc871883 Land #9988, playsms_uploadcsv_exec 2018-05-07 09:35:08 -07:00
Jacob Robles 75196b4fc6 Land #9944, playsms_filename_exec.rb 2018-05-07 09:35:08 -07:00
Jacob Robles 8739befa70 Land #9821, osCommerce 2.3.4.1 - Remote Code Execution 2018-05-03 09:21:02 -07:00
Chris Higgins ded6a50883 Land #8539, ProcessMaker Plugin Upload exploit 2018-04-04 19:06:18 -07:00
William Vu b870091380 Land #9423, PSH for jenkins_xstream_deserialize 2018-03-27 14:21:47 -05:00
h00die c56e571b18 Land #9702 exploit for clipbucket 2018-03-27 13:55:43 -05:00
Aaron Soto 395320ba97 Land #9379, Oracle Weblogic RCE exploit and documentation 2018-01-26 18:08:56 -06:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420 New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00