adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
290656faafaba0a7cf63df9c6df630b77938d54a
metasploit-gs/documentation/modules/exploit/multi/http
T
History
Jack Heysel a73a7531a9 Land #18827, Add module for BoidCMS CVE-2023-38836 
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
2024-02-29 21:31:44 -08:00
..
adobe_coldfusion_rce_cve_2023_26360.md
update the AKB URL to reference the changed CVE
2023-04-14 17:44:38 +01:00
agent_tesla_panel_rce.md
Fix up items mentioned by @space-r7 during her review
2020-06-18 09:56:20 -05:00
apache_activemq_upload_jsp.md
Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall
2021-06-14 15:02:38 -05:00
apache_apisix_api_default_token_rce.md
Fixup typos
2022-03-04 12:34:14 -05:00
apache_commons_text4shell.md
Add output from test run on windows target
2024-01-15 00:26:47 +05:30
apache_couchdb_erlang_rce.md
Documentation touchups
2022-11-01 11:43:01 -05:00
apache_druid_cve_2023_25194.md
Apply suggestions from code review
2023-06-23 09:36:50 +02:00
apache_flink_jar_upload_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
apache_nifi_processor_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
apache_normalize_path_rce.md
Tweak the verbiage for clarity, update docs
2021-10-22 12:38:03 -04:00
apache_rocketmq_update_config.md
Apache RocketMQ update config RCE
2023-07-05 12:38:51 -04:00
atlassian_confluence_namespace_ognl_injection.md
Update the docs with the Windows target
2022-06-15 17:24:44 -04:00
atlassian_confluence_rce_cve_2023_22515.md
add in documentation for Options
2023-10-18 10:05:05 +01:00
atlassian_confluence_rce_cve_2023_22527.md
Add module docs
2024-01-24 12:49:27 -05:00
atlassian_confluence_unauth_backup.md
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
atlassian_confluence_webwork_ognl_injection.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
atlassian_crowd_pdkinstall_plugin_upload_rce.md
Final fixup edits to change the timeout value to be an advanced option and also to use send_req_cgi
2021-08-05 13:10:24 -05:00
atutor_upload_traversal.md
Improve autoselect (incorporate suggestions from code review)
2020-06-18 16:39:11 -04:00
axis2_deployer.md
sample output to scenarios conversion in docs
2017-05-31 21:21:38 -04:00
baldr_upload_exec.md
Further edits for RuboCop and msftidy_docs.rb compliance
2020-08-06 11:18:39 -05:00
bitbucket_env_var_rce.md
update line numbers
2023-03-15 13:24:33 -05:00
builderengine_upload_exec.md
Add doc and make minor changes
2017-05-16 14:47:19 -05:00
cacti_pollers_sqli_rce.md
Fix typos
2024-02-02 11:45:51 +01:00
caidao_php_backdoor_exec.md
module doc standardizations
2020-01-20 21:26:59 -05:00
churchinfo_upload_exec.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
cisco_dcnm_upload_2019.md
module doc standardizations
2020-01-20 21:26:59 -05:00
clipbucket_fileupload_exec.md
fix install lines
2020-03-24 09:36:17 -04:00
cmsms_object_injection_rce.md
Apply suggestions from code review
2019-11-03 00:32:10 +01:00
cmsms_showtime2_rce.md
scenario to scenarios
2020-01-16 10:36:38 -05:00
cmsms_upload_rename_rce.md
Update cmsms_upload_rename_rce check and docs
2018-07-19 18:26:42 +00:00
cockpit_cms_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
coldfusion_ckeditor_file_upload.md
Remove extra new lines
2019-01-10 06:44:22 -06:00
confluence_widget_connector.md
h1 to h2
2020-01-16 11:46:36 -05:00
connectwise_screenconnect_rce_cve_2024_1709.md
@rad10 noted the download link we gave no longer works, but has provided a second link, so adding that to the docs
2024-02-23 17:54:14 +00:00
cve_2021_35464_forgerock_openam.md
Add in ForgeRock demonstration and fix up some last minor issues with the documentation to make it more accurate
2021-07-09 16:43:25 -05:00
cve_2023_38836_boidcms.md
Updates based on jheysel-r7's suggestions
2024-02-29 12:42:22 -06:00
dotcms_file_upload_rce.md
Responded to PR feedback
2022-05-30 14:46:54 -04:00
drupal_drupageddon.md
drupageddon docs
2016-09-15 13:29:06 -04:00
fortra_goanywhere_mft_rce_cve_2024_0204.md
bugfix a copy pasta whereby a path seperator was not being added as expected
2024-01-29 17:52:37 +00:00
fortra_goanywhere_rce_cve_2023_0669.md
Add credit for CVE-2023-0669; fix path in docs
2023-02-09 13:02:40 -05:00
freenas_exec_raw.md
remove and check for instruction text
2020-03-24 09:15:04 -04:00
getsimplecms_unauth_code_exec.md
Move getsimplecms_unauth_code_exec.md documentation to http dir
2022-04-16 16:53:34 +00:00
git_lfs_clone_command_exec.md
remove GIT_HOOK option
2021-08-12 10:18:13 -05:00
git_submodule_command_exec.md
rename module docs so they are viewable
2017-08-29 18:09:30 -05:00
git_submodule_url_exec.md
add documentation
2018-10-18 12:45:53 +08:00
gitea_git_fetch_rce.md
Update documentation
2022-10-03 19:57:25 +07:00
gitea_git_hooks_rce.md
Add Gitea and Gogs RCE modules and documentations
2021-03-31 16:47:29 +02:00
gitlab_exif_rce.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
gitlab_file_read_rce.md
Add ssl setup documentation for gitlab
2021-05-17 23:59:08 +01:00
gitlab_github_import_rce_cve_2022_2992.md
Remove the NGROK_URL option
2023-02-13 14:31:44 -05:00
gitlist_arg_injection.md
changed inconsistent capitalization
2018-07-05 15:56:41 -05:00
glassfish_deployer.md
fix install lines
2020-03-24 09:36:17 -04:00
gogs_git_hooks_rce.md
Add Gitea and Gogs RCE modules and documentations
2021-03-31 16:47:29 +02:00
horde_csv_rce.md
Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518)
2020-03-14 16:07:51 +01:00
horde_form_file_upload.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
horizontcms_upload_exec.md
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
ibm_openadmin_tool_soap_welcomeserver_exec.md
Add documentation
2017-06-01 06:03:10 +00:00
jenkins_metaprogramming.md
Don't be lazy and spell out "introduction" in docs
2019-09-30 16:58:00 -05:00
jenkins_script_console.md
adds more future proofing to implementation
2023-06-21 14:19:24 +01:00
jenkins_xstream_deserialize.md
Add docs
2017-11-07 10:58:28 -05:00
jetbrains_teamcity_rce_cve_2023_42793.md
Minor code changes
2023-09-28 13:19:26 -04:00
jira_plugin_upload.md
Fixed typos and errors in documentation
2018-02-25 15:29:24 -05:00
kong_gateway_admin_api_rce.md
Make changes suggested in review
2020-10-27 21:13:45 +00:00
liferay_java_unmarshalling.md
Update post-RuboCop style in my recent modules
2020-04-22 10:52:00 -05:00
log4shell_header_injection.md
Preemptively tweak references to ysoserial
2022-01-11 16:25:21 -05:00
lucee_scheduled_job.md
updated docs to reflect changes from smcintyre-r7
2023-02-28 19:58:39 -06:00
magento_unserialize.md
undo some spelling fixes when upstream has those issues
2023-10-11 06:30:11 -04:00
makoserver_cmd_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
manageengine_adselfservice_plus_saml_rce_cve_2022_47966.md
Fix CVE
2023-01-30 12:18:08 +01:00
manageengine_servicedesk_plus_saml_rce_cve_2022_47966.md
Minor punctuation change
2023-02-06 16:32:39 -06:00
mantisbt_manage_proj_page_rce.md
Add MSF module for EDB 6768
2018-04-14 08:51:51 -04:00
maracms_upload_exec.md
Add maracms_upload_exec.rb exploit module and docs
2020-09-22 16:53:29 -04:00
mediawiki_syntaxhighlight.md
sample output to scenarios conversion in docs
2017-05-31 21:21:38 -04:00
microfocus_obm_auth_rce.md
add suggestions by cdelafuente-r7
2021-02-09 14:24:49 +07:00
microfocus_ucmdb_unauth_deser.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
mirth_connect_cve_2023_43208.md
Check the response when exploiting
2024-01-29 14:38:49 -05:00
monitorr_webshell_rce_cve_2020_28871.md
small update to documentation on vulnerable releases
2023-03-20 21:12:49 +00:00
monstra_fileupload_exec.md
module options to options
2020-01-16 10:49:22 -05:00
moodle_admin_shell_upload.md
more libs for moodle and teacher priv esc to rce module
2021-09-04 13:31:11 -04:00
moodle_spelling_path_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
moodle_teacher_enrollment_priv_esc_to_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
mybb_rce_cve_2022_24734.md
Fixes from code review
2022-05-30 16:24:18 +02:00
navigate_cms_rce.md
module options to options
2020-01-16 10:49:22 -05:00
nostromo_code_exec.md
Update documentation/modules/exploit/multi/http/nostromo_code_exec.md
2019-10-30 15:38:50 +01:00
october_upload_bypass_exec.md
verification to verification steps
2020-01-16 10:41:12 -05:00
open_web_analytics_rce.md
Fix typo
2023-03-15 01:54:36 +01:00
openfire_auth_bypass_rce_cve_2023_32315.md
added documentation
2023-07-08 12:30:54 +00:00
openmrs_deserialization.md
update scenarios section
2019-12-04 12:19:58 -06:00
opmanager_sumpdu_deserialization.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
oracle_weblogic_wsat_deserialization_rce.md
vulnerable application h1 to h2
2020-01-16 10:44:35 -05:00
orientdb_exec.md
module doc standardizations
2020-01-20 21:26:59 -05:00
oscommerce_installer_unauth_code_exec.md
Update oscommerce_installer_unauth_code_exec.md
2018-04-06 13:05:14 +01:00
papercut_ng_auth_bypass.md
Add options to the documentation
2023-06-07 15:05:12 +02:00
pentaho_business_server_authbypass_and_ssti.md
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
php_fpm_rce.md
Update code and documentation
2020-02-17 18:25:10 +01:00
phpmailer_arg_injection.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
phpmyadmin_lfi_rce.md
Add Targets and Session file inclusion
2018-07-06 12:17:26 -05:00
phpmyadmin_null_termination_exec.md
Use Gem::Version
2018-06-18 08:35:47 -05:00
phpstudy_backdoor_rce.md
Add phpstudy backdoor exploit module
2020-02-23 10:23:32 +08:00
pimcore_unserialize_rce.md
scenario to scenarios
2020-01-16 10:36:38 -05:00
playsms_filename_exec.md
module options to options
2020-01-16 10:49:22 -05:00
playsms_template_injection.md
Cleanup more status methods and move the module
2020-04-03 10:21:27 -04:00
playsms_uploadcsv_exec.md
module options to options
2020-01-16 10:49:22 -05:00
processmaker_exec.md
sample output to scenarios
2020-01-16 11:15:06 -05:00
processmaker_plugin_upload.md
Update tested versions
2018-03-20 02:49:56 +00:00
qdpm_authenticated_rce.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
rails_actionpack_inline_exec.md
Add documentation for rails_actionpack_inline_exec
2016-07-07 16:15:51 -05:00
rails_double_tap.md
module doc standardizations
2020-01-20 21:26:59 -05:00
rails_dynamic_render_code_exec.md
Don't be lazy and spell out "introduction" in docs
2019-09-30 16:58:00 -05:00
rails_web_console_v2_code_exec.md
sample output to scenarios conversion in docs
2017-05-31 21:21:38 -04:00
rudder_server_sqli_rce.md
Add note for Windows compatibility
2023-07-28 17:06:38 +02:00
shiro_rememberme_v124_deserialize.md
Add additional setup notes for some modules
2021-03-11 12:09:29 -06:00
shopware_createinstancefromnamedarguments_rce.md
module doc standardizations
2020-01-20 21:26:59 -05:00
solr_velocity_rce.md
Changes to support older Solr (tested 5.3.0)
2020-12-13 19:05:47 -06:00
sonicwall_scrutinizer_methoddetail_sqli.md
update doc
2016-05-13 23:31:38 -05:00
sonicwall_shell_injection_cve_2023_34124.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
splunk_privilege_escalation_cve_2023_32707.md
Update splunk_privilege_escalation_cve_2023_32707.md
2023-10-23 11:31:19 +02:00
splunk_upload_app_exec.md
Update splunk_upload_app_exec.md
2019-03-19 22:44:07 +01:00
spring_cloud_function_spel_injection.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
spring_framework_rce_spring4shell.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
struts2_content_type_ognl.md
module doc standardizations
2020-01-20 21:26:59 -05:00
struts2_multi_eval_ognl.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
struts2_namespace_ognl.md
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
struts2_rest_xstream.md
module doc standardizations
2020-01-20 21:26:59 -05:00
struts_dmi_exec.md
Add mod doc for struts_dmi_rest_exec and update struts_dmi_exec.md
2016-06-08 23:15:44 -05:00
struts_dmi_rest_exec.md
Add mod doc for struts_dmi_rest_exec and update struts_dmi_exec.md
2016-06-08 23:15:44 -05:00
subrion_cms_file_upload_rce.md
Fix exploit/linux typos in Subrion RCE docs
2023-08-23 22:44:49 +08:00
sugarcrm_webshell_cve_2023_22952.md
added MIME, added break in mixin and added link with installation instructions
2023-03-09 09:28:46 -06:00
tomcat_jsp_upload_bypass.md
fixed msftidy errors and added documentation
2017-10-11 07:57:01 -04:00
tomcat_mgr_deploy.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
tomcat_mgr_upload.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
torchserver_cve_2023_43654.md
Address comments from the review
2023-10-12 09:50:19 -04:00
totaljs_cms_widget_exec.md
Move totaljs cms module and doc
2019-10-15 10:11:14 -05:00
trendmicro_threat_discovery_admin_sys_time_cmdi.md
doc cleanup
2020-03-24 08:47:21 -04:00
ubiquiti_unifi_log4shell.md
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
vbulletin_getindexablecontent.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00
vbulletin_widget_template_rce.md
Whitespace adjustment and remove superfluous return statements
2020-08-12 13:59:25 -04:00
vbulletin_widgetconfig_rce.md
module doc standardizations
2020-01-20 21:26:59 -05:00
vmware_vcenter_log4shell.md
Add vCenter Log4Shell docs
2022-01-13 14:50:28 -05:00
vmware_vcenter_uploadova_rce.md
Update vmware_vcenter_uploadova_rce module doc
2021-03-30 21:08:21 -05:00
vtiger_logo_upload_exec.md
Update module, Add documentation
2018-07-30 12:11:08 -05:00
weblogic_admin_handle_rce.md
Lock JDK to 8u131 to be safe
2020-11-18 15:17:12 -06:00
werkzeug_debug_rce.md
adding docs for #4888 #5697 #6731
2016-07-29 23:11:57 -04:00
wp_ait_csv_rce.md
spelling
2021-01-09 08:13:19 -05:00
wp_backup_migration_php_filter.md
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
wp_catch_themes_demo_import.md
more wp catch themes doc and error handling
2022-01-04 04:34:42 -05:00
wp_crop_rce.md
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
wp_db_backup_rce.md
add documentation and finished module
2019-06-25 11:21:15 -05:00
wp_dnd_mul_file_rce.md
add session_created, fix typo
2020-06-04 10:32:17 -05:00
wp_file_manager_rce.md
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
wp_plugin_backup_guard_rce.md
rename docs, modify privileged to false
2021-07-20 15:31:38 -05:00
wp_plugin_elementor_auth_upload_rce.md
cve-2022-1329
2022-10-02 15:59:58 -04:00
wp_plugin_fma_shortcode_unauth_rce.md
Update documentation/modules/exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce.md
2023-07-25 14:06:45 +01:00
wp_plugin_modern_events_calendar_rce.md
modify info, fix spacing
2021-07-26 09:43:34 -05:00
wp_plugin_sp_project_document_rce.md
modify doc description
2021-07-23 12:33:41 -05:00
wp_popular_posts_rce.md
wp_popular_posts_rce
2021-12-08 16:45:19 -05:00
wp_responsive_thumbnail_slider_upload.md
Update module and its documentation
2018-07-26 23:08:20 -05:00
wp_royal_elementor_addons_rce.md
Add module output
2023-11-28 08:41:35 +01:00
wp_simple_file_list_rce.md
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
wso2_file_upload_rce.md
Responded to comments added retry_until_true
2022-04-27 09:45:18 -07:00
zabbix_script_exec.md
spelling fixes on docs
2023-10-10 14:46:18 -04:00