adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0cae369a455a1a60ac1265509b849162694de4bc
metasploit-gs/modules/exploits/unix/webapp
T
History
Jack Heysel db853f9a68 Land #17711, SPIP unauth RCE module 
This module exploits a publically accessible endpoint in
SPIP that results in code execution in the context of the
user running the webapp (CVE-2023-27372).
2023-04-17 15:30:03 -04:00
..
actualanalyzer_ant_cookie_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
aerohive_netconfig_lfi_log_poison_rce.rb
aerohive_version_fix
2022-10-27 13:33:18 +03:00
ajenti_auth_username_cmd_injection.rb
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
arkeia_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
awstats_configdir_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
awstats_migrate_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
awstatstotals_multisort.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
barracuda_img_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
base_qry_common.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
basilic_diff_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
bolt_authenticated_rce.rb
tests passing
2023-04-04 10:24:09 +01:00
cacti_graphimage_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
cakephp_cache_corruption.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
carberp_backdoor_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
citrix_access_gateway_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
clipbucket_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
coppermine_piceditor.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
datalife_preview_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dogfood_spell_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
drupal_coder_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
drupal_drupalgeddon2.rb
tests passing
2023-04-04 10:24:09 +01:00
drupal_restws_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
drupal_restws_unserialize.rb
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
egallery_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
elfinder_php_connector_exiftran_cmd_injection.rb
Update tested versions
2019-03-09 04:41:51 +00:00
flashchat_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
foswiki_maketext.rb
Remove superfluous default_cred? methods
2021-04-07 06:12:25 -05:00
freepbx_config_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
fusionpbx_exec_cmd_exec.rb
Add FusionPBX Command exec.php Command Execution
2019-11-01 23:38:51 +00:00
fusionpbx_operator_panel_exec_cmd_exec.rb
Use bg_system API command
2019-11-01 22:17:26 +00:00
generic_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
get_simple_cms_upload_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
google_proxystylesheet_exec.rb
Removed redundant cleanup calls which exploit_driver will call anyway
2022-03-11 12:08:51 +11:00
graphite_pickle_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
guestbook_ssi_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
hastymail_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
havalite_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
horde_unserialize_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
hybridauth_install_php_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
instantcms_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
invision_pboard_unserialize_exec.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
joomla_akeeba_unserialize.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
joomla_comfields_sqli_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
joomla_comjce_imgmanager.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
joomla_contenthistory_sqli_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
joomla_media_upload_exec.rb
fix URLs not resolving
2022-02-16 17:22:40 -06:00
joomla_tinybrowser.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
jquery_file_upload.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
kimai_sqli.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
libretto_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
maarch_letterbox_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
mambo_cache_lite.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
mitel_awc_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
moinmoin_twikidraw.rb
Remove superfluous default_cred? methods
2021-04-07 06:12:25 -05:00
mybb_backdoor.rb
Converted to Active Support
2023-04-05 16:53:01 +01:00
nagios3_history_cgi.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
nagios3_statuswml_ping.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
nagios_graph_explorer.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
narcissus_backend_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
open_flash_chart_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
openemr_sqli_privesc_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
openemr_upload_exec.rb
reduces code duplication
2023-04-04 10:27:11 +01:00
openmediavault_rpc_rce.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
opennetadmin_ping_cmd_injection.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
opensis_chain_exec.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
opensis_modname_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
openview_connectednodes_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
openx_banner_edit.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
oracle_vm_agent_utl.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
oscommerce_filemanager.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pajax_remote_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_charts_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_eval.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_include.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_vbulletin_template.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_xmlrpc_eval.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
phpbb_highlight.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
phpcollab_upload_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
phpmyadmin_config.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
piwik_superuser_plugin_upload.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
projectpier_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
projectsend_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
qtss_parse_xml_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
rconfig_install_cmd_exec.rb
Update targets
2019-11-01 20:33:23 +00:00
redmine_scm_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
seportal_sqli_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
simple_e_document_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sixapart_movabletype_storable_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
skybluecanvas_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sphpblog_file_upload.rb
Change the cookie to PHPSESSID from my_id for the Simple PHP blog exploit
2020-12-02 10:09:05 -05:00
spip_connect_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
spip_rce_form.rb
Add a module for the latest SPIP vuln
2023-04-17 13:41:03 -04:00
squash_yaml_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
squirrelmail_pgp_plugin.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sugarcrm_rest_unserialize_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sugarcrm_unserialize_exec.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
thinkphp_rce.rb
Consolidate module argument parsing for ensuring consistency
2021-09-02 13:00:02 +01:00
tikiwiki_graph_formula_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
tikiwiki_jhot_exec.rb
Update broken secunia references
2023-03-23 10:43:57 +00:00
tikiwiki_unserialize_exec.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
tikiwiki_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
trixbox_ce_endpoint_devicemap_rce.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
trixbox_langchoice.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
tuleap_rest_unserialize_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
tuleap_unserialize_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
twiki_history.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
twiki_maketext.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
twiki_search.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
vbulletin_vote_sqli_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
vicidial_manager_send_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
vicidial_user_authorization_unauth_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
webmin_show_cgi_exec.rb
Update webmin_show_cgi_exec.rb
2021-01-07 15:05:53 +05:30
webmin_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
webtester_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_admin_shell_upload.rb
moodle_admin_shell_upload working and minor other fixes
2021-08-29 16:59:44 -04:00
wp_advanced_custom_fields_exec.rb
Update broken secunia references
2023-03-23 10:43:57 +00:00
wp_ajax_load_more_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_asset_manager_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_creativecontactform_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_downloadmanager_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_easycart_unrestricted_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_foxypress_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_frontend_editor_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_google_document_embedder_exec.rb
Update broken secunia references
2023-03-23 10:43:57 +00:00
wp_holding_pattern_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_inboundio_marketing_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_infinitewp_auth_bypass.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
wp_infusionsoft_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_lastpost_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_mobile_detector_upload_execute.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_nmediawebsite_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_optimizepress_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_photo_gallery_unrestricted_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_phpmailer_host_header.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
wp_pie_register_bypass_rce.rb
string true to bool true
2022-10-03 19:50:04 -04:00
wp_pixabay_images_upload.rb
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
wp_plainview_activity_monitor_rce.rb
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
wp_platform_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_property_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_reflexgallery_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_revslider_upload_execute.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_slideshowgallery_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_symposium_shell_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_total_cache_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_worktheflow_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_wpdiscuz_unauthenticated_file_upload.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
wp_wpshop_ecommerce_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_wptouch_file_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wp_wysija_newsletters_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
xoda_file_upload.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
xymon_useradm_cmd_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
zeroshell_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
zimbra_lfi.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
zoneminder_lang_exec.rb
fix typo in docs, check some responses
2022-05-04 17:28:37 -05:00
zoneminder_packagecontrol_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
zpanel_username_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00