Commit Graph

29053 Commits

Author SHA1 Message Date
Spencer McIntyre ff4db5daea Add the REMOVE action to the exploit for CVE-2020-6287 2020-07-23 17:59:40 -04:00
Spencer McIntyre 68614bcc3b Add check functionality for CVE-2020-6287 2020-07-23 14:46:06 -04:00
Spencer McIntyre e0046ef8f2 Randomize unnecessary values and set the secure attribute 2020-07-23 10:47:53 -04:00
Spencer McIntyre d108cd0da9 Address feedback for consistency within CVE-2020-6287 2020-07-23 10:31:46 -04:00
Spencer McIntyre 593ddd8ac4 Add module docs for CVE-2020-6287 2020-07-23 09:47:22 -04:00
Spencer McIntyre 2364b3f46c Fix the remaining rubocop issues for CVE-2020-6287 2020-07-22 19:18:42 -04:00
Spencer McIntyre 7b781ca12f Report a vuln in the CVE-2020-6287 module and fix xpath comparisons 2020-07-22 18:29:55 -04:00
Spencer McIntyre 2d43da2a39 Apply rubocop fixes for CVE-2020-6287 2020-07-22 18:04:11 -04:00
Spencer McIntyre ec9ee2baa7 Complete the exploit with privilege escalation through a role 2020-07-22 17:57:39 -04:00
Spencer McIntyre d1e2c75b3e Initial PoC of CVE-2020-6287 that adds a user 2020-07-17 02:03:43 -04:00
Shelby Pace 895c170394 Land #13769, add FortiMail auth bypass scanner 2020-07-09 09:28:45 -05:00
Shelby Pace ef3545d620 rubocop module 2020-07-09 09:26:39 -05:00
Patrick 78c5d57a32 Added output of build information as replacement for the missing version info 2020-07-09 09:28:35 +02:00
William Vu 398c13a1b2 Add Mikhail Klyuchnikov's writeup as a reference 2020-07-08 14:36:42 -05:00
William Vu ee240393f4 Credit Mikhail Klyuchnikov for CVE-2019-19781 2020-07-08 14:35:16 -05:00
Patrick 9b57c5347e Refactoring based on suggestions by bcoles 2020-07-08 16:37:14 +02:00
Patrick 75dde9551d Added suggestions of msftidy 2020-07-08 14:24:34 +02:00
Patrick 2e96990714 Refactored checking method 2020-07-08 14:22:50 +02:00
Patrick 517180e8d8 Integrated reporting to database 2020-07-08 13:15:28 +02:00
Spencer McIntyre 16ff439296 Land #13807, Add F5 BIG-IP TMUI Directory Traversal and File Upload RCE (CVE-2020-5902) 2020-07-07 13:44:01 -04:00
William Vu d726a2cdcb Fix a few final things 2020-07-07 12:06:05 -05:00
Patrick b4e7815d80 added more suggestions by space-r7 2020-07-07 12:06:40 +02:00
Patrick 361df36f33 Apply suggestions from code review by space-r7
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-07-07 10:56:27 +02:00
William Vu c8176b803a Add version information to the description 2020-07-06 16:24:22 -05:00
William Vu 7ef4cb64ad Tweak timeouts to avoid a race condition 2020-07-06 14:30:27 -05:00
William Vu be90526d5f Add vuln discovery credit and reference 2020-07-06 14:26:52 -05:00
Shelby Pace a2309f018e Land #13740, add springcloud dir traversal 2020-07-06 09:48:40 -05:00
Shelby Pace 224005ee7a Remove trailing comma 2020-07-06 09:47:58 -05:00
William Vu 41bb4d3a8d Add dir_trav method back in
I was wondering why I refactored it away. Oh, I needed it.
2020-07-05 18:23:45 -05:00
William Vu 1f765d0e1f Upgrade CheckCodes, since the dir traversal passed 2020-07-05 16:29:53 -05:00
William Vu 6e7701ba21 Add rudimentary check method 2020-07-05 16:18:03 -05:00
William Vu 0417e88ff2 Add F5 BIG-IP TMUI RCE (CVE-2020-5902) 2020-07-05 15:22:15 -05:00
William Vu 36b5d237fa Make cmd/unix target types consistent to :unix_cmd
There were some using :unix_command, and it was just an oversight.
2020-07-05 11:16:47 -05:00
Brendan Coles f9a5de87f8 Land #13789, Add OpenSIS Unauthenticated PHP Code Execution module 2020-07-04 15:49:45 +00:00
EgiX b286eda4d1 Update opensis_chain_exec.rb 2020-07-03 18:00:36 +02:00
EgiX 3866d875e1 Update modules/exploits/unix/webapp/opensis_chain_exec.rb
Co-authored-by: bcoles <bcoles@gmail.com>
2020-07-03 17:38:33 +02:00
Dhiraj Mishra fc018a9410 Update springcloud_directory_traversal.rb
use gsub for slashes in traversal path
2020-07-02 10:15:09 +04:00
EgiX 60ec23c271 Update opensis_chain_exec.rb 2020-07-01 23:38:07 +02:00
gwillcox-r7 c311ea5b5b Land #13768, Netgear R6700 Admin Password Reset (CVE-2020-10923 and CVE-2020-10924) 2020-07-01 14:58:53 -05:00
William Vu 01899d4843 Land #13787, AutoCheck mixin refactor with prepend 2020-07-01 14:49:03 -05:00
William Vu 08c1402be9 Land #13733, AnyDesk GUI CVE-2020-13160 exploit 2020-07-01 14:47:07 -05:00
William Vu 5ec31d2e41 Update recent modules to use prepend 2020-07-01 14:43:15 -05:00
William Vu ffc07d6c8f Merge remote-tracking branch 'upstream/master' into pr/13787 2020-07-01 14:42:16 -05:00
Spencer McIntyre a27bf9df38 Fix some grammatical mistakes and set a default target for anydesk 2020-07-01 15:27:33 -04:00
gwillcox-r7 fdfef2729f Update documentation and modules to better list the range of versions affected now that we know which versions we can target and the CVE IDs. Also update the firmware links to archive.org links in case they ever get removed, which is more common than you think 2020-07-01 13:28:46 -05:00
gwillcox-r7 ddb41d5a50 Update module and documentation with new output from the exploit 2020-07-01 13:28:32 -05:00
gwillcox-r7 3db867e5eb Further updates to the module documentation since technically this module doesn't send the packet to UDP port 23 to enable the telnet server. 2020-07-01 13:28:15 -05:00
gwillcox-r7 d1e66c9d9f Add in rest of the fixes from my updates to the code 2020-07-01 13:27:58 -05:00
gwillcox-r7 79794b32ae Add in update to denote the timeout and MAC options in the telnetenable module in case this helps fix people's issues. 2020-07-01 13:27:56 -05:00
gwillcox-r7 37f2eb8e9d Fix up Failure::UNKNOWN check within get_offset() 2020-07-01 13:27:56 -05:00