adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cc0269edfb8f5fffc085bc5209779de3ca4e6a8
metasploit-gs/documentation/modules/exploit/linux/http
T
History
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check 
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
..
acronis_cyber_infra_cve_2023_45249.md
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
alienvault_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
apache_airflow_dag_rce.md
Move module and documentation from multi/http to linux/http
2023-09-17 22:42:26 +08:00
apache_couchdb_cmd_exec.md
apache_druid_js_rce.md
apache_hugegraph_gremlin_rce.md
Responded to comments
2024-08-02 10:47:53 -07:00
apache_nifi_h2_rce.md
apache nifi h2 rce
2023-08-08 17:44:35 -04:00
apache_ofbiz_deserialization_soap.md
apache_ofbiz_deserialization.md
fix ofbiz auto detection
2024-02-06 16:45:02 -05:00
apache_spark_rce_cve_2022_33891.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
apache_superset_cookie_sig_rce.md
superset rce more stable
2023-09-15 16:29:05 -04:00
appsmith_rce_cve_2024_55964.md
Add Appsmith RCE module (CVE-2024-55964)
2025-04-05 14:56:04 +09:00
artica_proxy_auth_bypass_service_cmds_peform_command_injection.md
artica_proxy_unauth_rce_cve_2024_2054.md
module and documentation updates based on review comments (bwatters-r7/cgranleese-r7)
2024-03-21 16:13:55 +00:00
asuswrt_lan_rce.md
axis_app_install.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
axis_srv_parhand_rce.md
bentoml_rce_cve_2025_27520.md
Make user be able to specify a particular endpoint
2025-04-16 21:47:31 +09:00
bentoml_runner_server_rce_cve_2025_32375.md
Add BentoML RCE module (CVE-2025-32375)
2025-04-17 20:46:43 +09:00
beyondtrust_pra_rs_unauth_rce.md
rename the module
2025-02-13 12:51:46 +00:00
bitbucket_git_cmd_injection.md
add documentation
2022-09-20 18:45:48 -05:00
bludit_upload_images_exec.md
cacti_unauthenticated_cmd_injection.md
fix typo and add credit for discovery
2022-12-23 11:11:31 +02:00
cayin_cms_ntp.md
centreon_pollers_auth_rce.md
centreon_useralias_exec.md
chamilo_bigupload_webshell.md
Updated docs
2024-11-11 12:40:56 -08:00
chamilo_unauth_rce_cve_2023_34960.md
Final minor updates
2023-08-23 11:38:07 +00:00
chaos_rat_xss_to_rce.md
review of chaos rat
2024-05-13 16:55:43 -04:00
cisco_asax_sfr_rce.md
Added module for CVE-2022-20828
2022-08-19 12:29:37 -07:00
cisco_firepower_useradd.md
cisco_hyperflex_file_upload_rce.md
cisco_hyperflex_hx_data_platform_cmd_exec.md
cisco_prime_inf_rce.md
cisco_rv32x_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
cisco_rv340_lan.md
Fix up remaining review comments
2023-02-13 15:07:25 -06:00
cisco_rv_series_authbypass_and_rce.md
cisco_ucs_cloupia_script_rce.md
cisco_ucs_rce.md
control_web_panel_login_cmd_exec.md
Fix a typo
2023-01-25 13:45:18 -05:00
cpi_tararchive_upload.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
craftcms_ftp_template.md
Responded to comments
2025-01-15 09:22:44 -08:00
craftcms_preauth_rce_cve_2025_32432.md
Refactor module: modularization, session-path leak, randomized key, improved check
2025-04-30 00:24:25 +02:00
craftcms_unauth_rce_cve_2023_41892.md
Some minor changes to the module and documentation
2023-12-18 08:23:16 +00:00
cve_2019_1663_cisco_rmi_rce.md
dcos_marathon.md
denyall_waf_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
dlink_dir850l_unauth_exec.md
dlink_dsl2750b_exec_noauth.md
dlink_dwl_2600_command_injection.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
docker_daemon_tcp.md
dtale_rce_cve_2025_0655.md
Use FETCH_DELETE as default
2025-03-03 20:52:55 +09:00
elfinder_archive_cmd_injection.md
empire_skywalker.md
Update document
2024-07-31 15:43:03 +09:00
epmp1000_get_chart_cmd_shell.md
epmp1000_ping_cmd_shell.md
eramba_rce.md
Adding more clear installation steps
2025-03-20 19:54:57 +01:00
eyesofnetwork_autodiscovery_rce.md
f5_bigip_tmui_rce_cve_2020_5902.md
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
f5_bigip_tmui_rce_cve_2023_46747.md
Add check code annotations, update AJP link
2023-11-02 08:53:56 -04:00
f5_icontrol_rce.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
f5_icontrol_rest_ssrf_rce.md
f5_icontrol_rpmspec_rce_cve_2022_41800.md
Check in exploit module for CVE-2022-41800
2022-11-16 12:04:18 -08:00
f5_icontrol_soap_csrf_rce_cve_2022_41622.md
Check in exploit script for CVE-2022-41622 (CSRF into SOAP)
2022-11-16 11:58:15 -08:00
flir_ax8_unauth_rce_cve_2022_37061.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
fortinac_keyupload_file_write.md
Update documentation to provide better installation instructions
2023-03-14 10:13:27 -05:00
fortinet_authentication_bypass_cve_2022_40684.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
froxlor_log_path_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
geutebruck_cmdinject_cve_2021_335xx.md
geutebruck_instantrec_bof.md
geutebruck_testaction_exec.md
github_enterprise_secret.md
spelling change per review
2022-11-23 13:26:19 -06:00
glinet_unauth_rce_cve_2023_50445.md
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
glpi_htmlawed_php_injection.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
goahead_ldpreload.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
goautodial_3_rce_code_injection.md
grandstream_gxv31xx_settimezone_unauth_cmd_exec.md
grandstream_ucm62xx_sendemail_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
gravcms_exec.md
chore: remove repetitive words
2024-04-15 11:06:50 +08:00
h2_webinterface_rce.md
h2 doc addition
2023-08-08 17:15:22 -04:00
hadoop_unauth_exec.md
hikvision_cve_2021_36260_blind.md
hp_van_sdn_cmd_inject.md
huawei_hg532n_cmdinject.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
ibm_drm_rce.md
ibm_qradar_unauth_rce.md
imperva_securesphere_exec.md
invoiceninja_unauth_rce_cve_2024_55555.md
docs: update docs for rubocop
2025-02-25 12:15:52 +01:00
invoiceshelf_unauth_rce_cve_2024_55556.md
small update on module and documentation
2025-03-10 19:35:37 +00:00
invokeai_rce_cve_2024_12029.md
Update document
2025-02-17 20:32:43 +09:00
ipfire_bashbug_exec.md
ipfire_oinkcode_exec.md
ipfire_pakfire_exec.md
ipfire_proxy_exec.md
ivanti_connect_secure_rce_cve_2023_46805.md
Update documentation/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805.md
2024-01-18 09:18:28 +00:00
ivanti_connect_secure_rce_cve_2024_21893.md
remove the linux and unix targets in favor of a single automatic target
2024-02-09 09:26:08 +00:00
ivanti_connect_secure_rce_cve_2024_37404.md
Code review
2024-12-02 14:02:07 +01:00
ivanti_csa_unauth_rce_cve_2021_44529.md
Apply fixes per code review
2023-01-17 12:44:22 -06:00
ivanti_sentry_misc_log_service.md
Thanks to Spencer improved execute_command method
2023-09-12 15:14:10 -04:00
jenkins_cli_deserialization.md
judge0_sandbox_escape_cve_2024_28189.md
Add Judge0 module and document
2024-11-20 14:15:38 -08:00
kafka_ui_unauth_rce_cve_2023_52251.md
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
kaltura_unserialize_cookie_rce.md
kaltura_unserialize_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
kibana_timelion_prototype_pollution_rce.md
kibana exploit
2023-08-24 16:08:08 -04:00
kibana_upgrade_assistant_telemetry_rce.md
Update documentation/modules/exploit/linux/http/kibana_upgrade_assistant_telemetry_rce.md
2023-10-06 16:45:52 -04:00
klog_server_authenticate_user_unauth_command_injection.md
lexmark_faxtrace_settings.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
librenms_addhost_cmd_inject.md
librenms_authenticated_rce_cve_2024_51092.md
Update vulnerable version
2025-01-18 10:18:10 +09:00
librenms_collectd_cmd_inject.md
linear_emerge_unauth_rce_cve_2019_7256.md
Fix up missing option in documentation and also add some additional validation on server response.
2023-01-04 17:02:05 -06:00
linksys_wvbr0_user_agent_exec_noauth.md
linuxki_rce.md
logsign_exec.md
spelling change per review
2022-11-23 13:26:19 -06:00
lucee_admin_imgprocess_file_write.md
magento_xxe_to_glibc_buf_overflow.md
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
magnusbilling_unauth_rce_cve_2023_30258.md
third release module with minor text changes
2023-10-31 09:29:13 +00:00
mailcleaner_exec.md
majordomo_cmd_inject_cve_2023_50917.md
Add suggested changes
2023-12-22 00:04:54 +01:00
metabase_setup_token_rce.md
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
microfocus_obr_cmd_injection.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
microfocus_secure_messaging_gateway.md
mida_solutions_eframework_ajaxreq_rce.md
mobileiron_core_log4shell.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
mobileiron_mdm_hessian_rce.md
moodle_rce.md
CVE-2024-6670
2024-09-01 23:26:11 +01:00
mvpower_dvr_shell_exec.md
nagios_xi_autodiscovery_webshell.md
nagios_xi_chained_rce_2_electric_boogaloo.md
nagios_xi_chained_rce.md
nagios_xi_configwizards_authenticated_rce.md
Add example for version 5.5.6 with CVE-2021-25297
2023-02-07 14:18:53 -06:00
nagios_xi_magpie_debug.md
nagios_xi_mibs_authenticated_rce.md
nagios_xi_plugins_check_plugin_authenticated_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
nagios_xi_plugins_filename_authenticated_rce.md
nagios_xi_snmptrap_authenticated_rce.md
netalertx_rce_cve_2024_46506.md
Update FETCH_COMMAND default to curl
2025-02-10 22:00:52 +09:00
netgear_dgn1000_setup_unauth_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
netgear_dnslookup_cmd_exec.md
netgear_r7000_cgibin_exec.md
netgear_unauth_exec.md
netis_unauth_rce_cve_2024_22729.md
Updated check method
2024-06-06 22:23:35 +00:00
netis_unauth_rce_cve_2024_48456_and_48457.md
Apply suggestions from code review
2025-01-07 09:25:41 +01:00
netsweeper_webadmin_unixlogin.md
nexus_repo_manager_el_injection.md
op5_config_exec.md
openmetadata_auth_bypass_rce.md
Fourth release module and documentation
2024-08-02 21:04:50 +00:00
opennms_horizon_authenticated_rce.md
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
opentsdb_key_cmd_injection.md
Add docs for opentsdb_key_cmd_injection
2023-09-08 16:08:18 +01:00
opentsdb_yrange_cmd_injection.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
optergy_bms_backdoor_rce_cve_2019_7276.md
updated module and documentation with SUDO option
2023-03-26 18:31:25 +00:00
oracle_ebs_rce_cve_2022_21587.md
improve the documentation, mention some steps required during setup.
2023-02-22 09:42:11 +00:00
paloalto_expedition_rce.md
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
2024-11-12 09:03:51 -06:00
pandora_fms_auth_rce_cve_2024_11320.md
Third release of module + Documentation
2024-12-22 11:41:05 +00:00
pandora_fms_auth_rce_cve_2024_12971.md
small update in description of the module and documentation
2025-04-06 10:49:03 +00:00
pandora_fms_events_exec.md
pandora_ping_cmd_exec.md
panos_management_unauth_rce.md
typo 2
2024-12-17 17:26:20 +00:00
panos_op_cmd_exec.md
Updated error handling
2022-09-13 12:40:59 -04:00
panos_readsessionvars.md
panos_telemetry_cmd_exec.md
Added note about shell from a different IP than RHOST IP
2024-04-19 11:45:56 -05:00
php_imap_open_rce.md
pineapple_bypass_cmdinject.md
pineapple_preconfig_cmdinject.md
progress_flowmon_unauth_cmd_injection.md
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
progress_kemp_loadmaster_unauth_cmd_injection.md
Remove Priv Esc to add it to another module and update it to only run once
2024-04-15 15:44:22 -05:00
projectsend_unauth_rce.md
Create projectsend_unauth_rce
2024-11-21 09:34:58 -08:00
pulse_secure_cmd_exec.md
pulse_secure_gzip_rce.md
pyload_js2py_cve_2024_39205.md
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-12 16:05:07 -08:00
pyload_js2py_exec.md
Add module docs
2023-02-15 16:29:42 -05:00
qnap_qcenter_change_passwd_exec.md
qnap_qts_rce_cve_2023_47218.md
Docs plus minor edits
2024-02-15 17:12:11 -05:00
rancher_server.md
raspberrymatic_unauth_rce_cve_2024_24578.md
added default options and updated documentation
2025-02-20 13:19:41 -06:00
ray_agent_job_rce.md
Add cve ref
2024-08-20 12:59:52 +09:00
ray_cpu_profile_cmd_injection_cve_2023_6019.md
Add module docs
2024-08-10 10:59:00 +09:00
rconfig_ajaxarchivefiles_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
rconfig_vendors_auth_file_upload_rce.md
roxy_wi_exec.md
Add in updated scenario documentation
2022-07-25 14:14:52 -05:00
saltstack_salt_api_cmd_exec.md
saltstack_salt_wheel_async_rce.md
samsung_srv_1670d_upload_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
selenium_greed_chrome_rce_cve_2022_28108.md
Improve check
2024-12-30 13:36:15 +09:00
selenium_greed_firefox_rce_cve_2022_28108.md
Apply suggestions from #19769
2025-01-04 10:12:57 +09:00
solarview_unauth_rce_cve_2023_23333.md
Apply grammatical suggestions from code review
2023-09-05 17:06:01 -04:00
sonicwall_cve_2021_20039.md
sophos_utm_webadmin_sid_cmd_injection.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
sourcegraph_gitserver_sshcmd.md
Add sourcegraph RCE module docs
2022-07-08 17:27:27 -04:00
spark_unauth_rce.md
spring_cloud_gateway_rce.md
Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs
2022-10-12 11:19:47 -05:00
suitecrm_log_file_rce.md
supervisor_xmlrpc_exec.md
symantec_messaging_gateway_exec.md
symmetricom_syncserver_rce.md
add module documentation
2023-06-13 13:14:51 -05:00
synology_dsm_smart_exec_auth.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
terramaster_unauth_rce_cve_2020_35665.md
Updates based on space-r7 comments
2023-06-08 07:39:44 +00:00
terramaster_unauth_rce_cve_2021_45837.md
Updated NAS model and version check
2023-06-08 09:12:45 +00:00
terramaster_unauth_rce_cve_2022_24990.md
Updates based on review comments from space-r7 and jvoisin
2023-06-12 19:28:08 +00:00
tiki_calendar_exec.md
totolink_unauth_rce_cve_2023_30013.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
tp_link_ncxxx_bonjour_command_injection.md
traccar_rce_upload.md
PoC & Documentation
2024-08-23 23:21:49 +01:00
trend_micro_imsva_exec.md
trendmicro_imsva_widget_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
trendmicro_websecurity_exec.md
ueb_api_rce.md
unraid_auth_bypass_exec.md
spelling change per review
2022-11-23 13:26:19 -06:00
vestacp_exec.md
vinchin_backup_recovery_cmd_inject.md
Update
2023-11-21 18:28:28 +01:00
vmware_nsxmgr_xstream_rce_cve_2021_39144.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
vmware_vcenter_analytics_file_upload.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
vmware_vcenter_vsan_health_rce.md
vmware_view_planner_4_6_uploadlog_rce.md
vmware_vrli_rce.md
Add and use a Thrift client object
2023-09-11 14:37:38 -04:00
vmware_vrni_rce_cve_2023_20887.md
Fix incomplete copy pasta in docs
2023-07-21 14:38:07 -04:00
vmware_vrops_mgr_ssrf_rce.md
vmware_workspace_one_access_cve_2022_22954.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
vmware_workspace_one_access_vmsa_2022_0011_chain.md
docs fix
2023-04-17 16:41:35 -04:00
watchguard_firebox_unauth_rce_cve_2022_26318.md
added documentation
2024-03-05 18:42:09 +00:00
wd_mycloud_multiupload_upload.md
wd_mycloud_unauthenticated_cmd_injection.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
webmin_backdoor.md
webmin_file_manager_rce.md
Update documentation/modules/exploit/linux/http/webmin_file_manager_rce.md
2022-11-01 10:40:01 -05:00
webmin_package_updates_rce.md
Fix from code review
2022-08-09 15:09:25 +02:00
webmin_packageup_rce.md
wepresent_cmd_injection.md
wipg1000_cmd_injection.md
xplico_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
zimbra_cpio_cve_2022_41352.md
Fix the doc to make msftidy_docs.rb happy
2022-10-20 14:33:40 +02:00
zimbra_mboximport_cve_2022_27925.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
zimbra_unrar_cve_2022_30333.md
Add module docs for the split-up unrar modules
2022-07-27 13:24:29 -07:00
zimbra_xxe_rce.md
zyxel_lfi_unauth_ssh_rce.md
Updates based on cdelafuente-r7 comments
2023-05-06 19:05:21 +00:00
zyxel_parse_config_rce.md
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
zyxel_ztp_rce.md
Revised setup guidance
2022-05-13 13:41:05 -07:00