adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2d1cecd4d5493f4e38666b76ebffceebee50e596
metasploit-gs/modules/exploits/multi/http
T
History
Kevin Kirsche c7d3b5dfbb Update payload and disable check functionality 
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.

The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
..
activecollab_chat.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
ajaxplorer_checkinstall_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
apache_activemq_upload_jsp.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
apache_jetspeed_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
apache_mod_cgi_bash_env_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
apache_roller_ognl_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
apprain_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
atutor_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
auxilium_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
axis2_deployer.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
bassmaster_js_injection.rb
Fix #9307, credit to @r0610205
2017-12-18 03:55:01 -06:00
bolt_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
builderengine_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
caidao_php_backdoor_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cisco_dcnm_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
coldfusion_rds.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cups_bash_env_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cuteflow_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dexter_casinoloader_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
drupal_drupageddon.rb
Fix #9215, minor style nitpick
2018-01-03 23:11:51 -06:00
eaton_nsm_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
eventlog_file_upload.rb
40% done
2017-08-28 20:17:58 -04:00
extplorer_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
familycms_less_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
freenas_exec_raw.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gestioip_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
git_client_command_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
git_submodule_command_exec.rb
update style
2017-08-29 17:44:39 -05:00
gitlab_shell_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gitorious_graph.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
glassfish_deployer.rb
40% done
2017-08-28 20:17:58 -04:00
glossword_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
glpi_install_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
horde_href_backdoor.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hp_sitescope_issuesiebelcmd.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hp_sitescope_uploadfileshandler.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hp_sys_mgmt_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hyperic_hq_script_console.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
ibm_openadmin_tool_soap_welcomeserver_exec.rb
Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-05-31 13:00:35 +00:00
ispconfig_php_exec.rb
40% done
2017-08-28 20:17:58 -04:00
jboss_bshdeployer.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
jboss_deploymentfilerepository.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
jboss_invoke_deploy.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
jboss_maindeployer.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
jboss_seam_upload_exec.rb
40% done
2017-08-28 20:17:58 -04:00
jenkins_script_console.rb
fix bug where api_token auth was being used without token being set
2017-08-09 12:30:26 -04:00
jenkins_xstream_deserialize.rb
get_vars tweak
2017-11-09 04:16:34 -05:00
jira_hipchat_template.rb
40% done
2017-08-28 20:17:58 -04:00
joomla_http_header_rce.rb
40% done
2017-08-28 20:17:58 -04:00
kordil_edms_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
lcms_php_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
log1cms_ajax_create_folder.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
magento_unserialize.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
makoserver_cmd_exec.rb
Bump ranking to Excellent
2017-11-15 15:00:47 -06:00
manage_engine_dc_pmp_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
manageengine_auth_upload.rb
40% done
2017-08-28 20:17:58 -04:00
manageengine_sd_uploader.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
manageengine_search_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mantisbt_php_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mediawiki_syntaxhighlight.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mediawiki_thumb.rb
40% done
2017-08-28 20:17:58 -04:00
metasploit_static_secret_key_base.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
metasploit_webui_console_command_execution.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mma_backdoor_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mobilecartly_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
moodle_cmd_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
movabletype_upgrade_exec.rb
40% done
2017-08-28 20:17:58 -04:00
mutiny_subnetmask_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nas4free_php_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netwin_surgeftp_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nibbleblog_file_upload.rb
40% done
2017-08-28 20:17:58 -04:00
novell_servicedesk_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
op5_license.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
op5_welcome.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openfire_auth_bypass.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openmediavault_cmd_exec.rb
40% done
2017-08-28 20:17:58 -04:00
openx_backdoor_php.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
opmanager_socialit_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
oracle_ats_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
oracle_reports_rce.rb
40% done
2017-08-28 20:17:58 -04:00
oracle_weblogic_wsat_deserialization_rce.rb
Update payload and disable check functionality
2018-01-18 13:26:44 -05:00
orientdb_exec.rb
Orientdb 2.2.x RCE - Fix regular expression for version detection
2017-07-26 14:35:05 +01:00
pandora_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phoenix_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_cgi_arg_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_utility_belt_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_volunteer_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpfilemanager_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpldapadmin_query_engine.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpmailer_arg_injection.rb
Update phpmailer_arg_injection.rb
2017-08-24 00:29:28 -06:00
phpmoadmin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpmyadmin_3522_backdoor.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpmyadmin_preg_replace.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpscheduleit_start_date.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phptax_exec.rb
40% done
2017-08-28 20:17:58 -04:00
phpwiki_ploticus_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
plone_popen2.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pmwiki_pagelist.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
polarcms_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
processmaker_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
qdpm_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_actionpack_inline_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_dynamic_render_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_json_yaml_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_secret_deserialization.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_web_console_v2_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rails_xml_yaml_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rocket_servergraph_file_requestor_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sflog_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
simple_backdoors_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sit_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
snortreport_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
solarwinds_store_manager_auth_filter.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sonicwall_gms_upload.rb
40% done
2017-08-28 20:17:58 -04:00
sonicwall_scrutinizer_methoddetail_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
splunk_mappy_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
splunk_upload_app_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
spree_search_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
spree_searchlogic_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts2_content_type_ognl.rb
40% done
2017-08-28 20:17:58 -04:00
struts2_rest_xstream.rb
update versions and add quick module docs
2017-09-08 13:59:29 -05:00
struts_code_exec_classloader.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_code_exec_exception_delegator.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_code_exec_parameters.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_default_action_mapper.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_dev_mode.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_dmi_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_dmi_rest_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
struts_include_params.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
stunshell_eval.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
stunshell_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sun_jsws_dav_options.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sysaid_auth_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sysaid_rdslogs_file_upload.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
testlink_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tomcat_jsp_upload_bypass.rb
more style cleanup for tomcat_jsp_upload_bypass
2017-10-11 15:53:35 -05:00
tomcat_mgr_deploy.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tomcat_mgr_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
traq_plugin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
trendmicro_threat_discovery_admin_sys_time_cmdi.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
uptime_file_upload_1.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
uptime_file_upload_2.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
v0pcr3w_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vbseo_proc_deutf.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vbulletin_unserialize.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
visual_mining_netcharts_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vtiger_install_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vtiger_php_exec.rb
Minor tweaks...
2017-09-08 10:04:47 -05:00
vtiger_soap_upload.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
webnms_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
webpagetest_upload_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
werkzeug_debug_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wikka_spam_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
wp_ninja_forms_unauthenticated_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
x7chat2_php_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
zabbix_script_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
zemra_panel_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
zenworks_configuration_management_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
zenworks_control_center_upload.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
zpanel_information_disclosure_rce.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00