a7b038b822
Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce
...
Adds module for Skyvern SSTI (CVE-2025-49619)
2025-06-27 14:14:40 +02:00
ee890a83ca
Adds BadChars
2025-06-27 11:03:08 +02:00
a0bb2d8c89
Merge pull request #20298 from bcoles/modules-SSL
...
Modules: Convert SSL default option to Boolean in several modules
2025-06-26 15:00:59 +01:00
00c88caffb
Updates incorrect arch values in modules
2025-06-25 16:57:27 +01:00
04a18fb3ca
Updates modules to remove non-printable chars
2025-06-25 14:19:56 +01:00
40ca2b3b1b
Adds sentinel notes to modules that are missing stability, reliability or side effects
2025-06-25 09:32:01 +01:00
a454217bd4
Update info -d markdown
2025-06-24 11:21:49 +01:00
37388ca1be
Adds sentinel values to modules missing notes
2025-06-23 12:24:58 +01:00
b483312eca
Modules: Convert SSL default option to Boolean in several modules
2025-06-23 19:38:36 +10:00
ade9b54d94
Runs Style/TrailingCommaInArguments Rubocop against modules
2025-06-23 09:30:35 +01:00
ca142599e8
Module init
2025-06-23 10:27:27 +02:00
b8c375d087
Merge pull request #20337 from bcoles/exploit-linux-http-opentsdb_key_cmd_injection
...
opentsdb_key_cmd_injection: Set Arch to ARCH_CMD
2025-06-22 14:51:04 +01:00
cede07596f
opentsdb_key_cmd_injection: Set Arch to ARCH_CMD
2025-06-22 12:39:04 +10:00
0307bab692
Update opennms_horizon_authenticated_rce.rb
...
Fix Arch
2025-06-21 20:37:33 +03:00
a4b14d8b64
Runs Rubocop to fix layout in modules
2025-06-20 15:18:01 +01:00
f3b650a409
Major refactoring of PHP payloads and related exploits
2025-05-30 09:06:38 -04:00
365caab8fc
Update the error message in case of Broken pipe error and update the documentation
2025-05-15 12:10:53 +02:00
3d121839c8
Fix from code review #2
2025-05-13 17:17:41 +02:00
4aea95f93c
Fix from code review
2025-05-13 12:54:31 +02:00
d83e6072ef
Add the module and documentation for Ivanti RCE CVE-2025-22457
2025-04-30 22:02:16 +02:00
73f0963d81
Lint ^^
2025-04-30 16:16:30 +02:00
691cead95c
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2025-04-30 16:10:32 +02:00
c85fe60596
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-04-30 11:33:14 +02:00
301e9e64e7
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-04-30 11:32:58 +02:00
39a5d710aa
Refactor module: modularization, session-path leak, randomized key, improved check
...
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
9d0d12004e
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-04-29 19:59:09 +02:00
59b9249cec
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-04-29 19:58:38 +02:00
a0e9758c7f
Improve error handling, and search csrf_token in root uri
2025-04-27 08:01:17 +02:00
ba094199da
Fix typo
2025-04-26 10:41:30 +02:00
332c61b6ea
Fix cookie handling and switch to send_request_cgi for HTTP requests
2025-04-26 08:24:11 +02:00
3e96b4148e
Add comment about msftidy issue
2025-04-26 06:02:27 +02:00
9392d0bdf9
Add suggestions
2025-04-26 05:56:41 +02:00
c4e621f3cf
Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE
2025-04-26 05:43:13 +02:00
dc8531e37f
Fix after applied suggestions (escape ')
2025-04-22 21:57:05 +09:00
f579235b95
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-04-22 21:53:05 +09:00
e1b5109c70
Add BentoML RCE module (CVE-2025-32375)
2025-04-17 20:46:43 +09:00
5945e0db0e
Update modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-04-16 22:05:04 +09:00
edcc30699a
Make user be able to specify a particular endpoint
2025-04-16 21:47:31 +09:00
4463bb2ced
Support a pure-python payload
2025-04-16 21:25:36 +09:00
6d936a72b1
Delete ARTIFACTS_ON_DISK
2025-04-16 20:54:22 +09:00
e51cd24383
Add BentoML RCE module (CVE-2025-27520)
2025-04-15 22:46:42 +09:00
fe9a0ad25b
Land #20008 , PandoraFMS Auth RCE module
...
Pandora FMS authenticated RCE [CVE-2024-12971]
2025-04-08 07:50:28 +02:00
40ba981c98
update based on reviewer suggestions
2025-04-07 14:29:51 +00:00
39e4093310
Rubocop formatting after applied suggestions
2025-04-07 21:03:58 +09:00
7aabe06f66
Apply suggestions from code review
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-04-07 20:59:57 +09:00
ec6f4022cd
Make the Ruby code error-safe
2025-04-07 20:28:57 +09:00
f42083db03
Increased the size of email to avoid duplicate
2025-04-07 20:23:31 +09:00
35c1ccccdb
Update modules/exploits/linux/http/appsmith_rce_cve_2024_55964.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-04-07 20:06:55 +09:00
76fb34a5db
small update in description of the module and documentation
2025-04-06 10:49:03 +00:00
8a72fd6861
init module and documentation
2025-04-06 10:33:56 +00:00
Diego Ledda