adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
39a5d710aaeaf7039b15f27c2e9815613de75d0e
metasploit-gs/modules/exploits/linux/http
T
History
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check 
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
..
accellion_fta_getstatus_oauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
acronis_cyber_infra_cve_2023_45249.rb
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
advantech_switch_bash_env_exec.rb
tests passing
2023-04-04 10:24:09 +01:00
airties_login_cgi_bof.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
alcatel_omnipcx_mastercgi_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
alienvault_exec.rb
Making SSH defaults widely used
2022-04-14 17:27:19 +02:00
alienvault_sqli_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
apache_airflow_dag_rce.rb
Move module and documentation from multi/http to linux/http
2023-09-17 22:42:26 +08:00
apache_continuum_cmd_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
apache_couchdb_cmd_exec.rb
Update modules/exploits/linux/http/apache_couchdb_cmd_exec.rb
2023-04-07 09:55:00 +09:00
apache_druid_js_rce.rb
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
apache_hugegraph_gremlin_rce.rb
Update modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb
2024-08-13 08:48:33 -07:00
apache_nifi_h2_rce.rb
review comments
2023-08-28 17:39:02 -04:00
apache_ofbiz_deserialization_soap.rb
remove spare comma
2021-04-05 09:33:20 -05:00
apache_ofbiz_deserialization.rb
fix ofbiz auto detection
2024-02-06 16:45:02 -05:00
apache_solr_backup_restore.rb
Rubocop, when will I learn
2024-04-04 13:41:08 -07:00
apache_spark_rce_cve_2022_33891.rb
add curl cmd stager flavor
2022-09-07 12:45:13 -05:00
apache_superset_cookie_sig_rce.rb
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
appsmith_rce_cve_2024_55964.rb
Rubocop formatting after applied suggestions
2025-04-07 21:03:58 +09:00
artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
artica_proxy_unauth_rce_cve_2024_2054.rb
module and documentation updates based on review comments (bwatters-r7/cgranleese-r7)
2024-03-21 16:13:55 +00:00
astium_sqli_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
asuswrt_lan_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
atutor_filemanager_traversal.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
axis_app_install.rb
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
axis_srv_parhand_rce.rb
Fix typo
2021-04-30 23:29:24 -05:00
belkin_login_bof.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
bentoml_rce_cve_2025_27520.rb
Update modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
2025-04-16 22:05:04 +09:00
bentoml_runner_server_rce_cve_2025_32375.rb
Fix after applied suggestions (escape ')
2025-04-22 21:57:05 +09:00
beyondtrust_pra_rs_unauth_rce.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
bitbucket_git_cmd_injection.rb
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
bludit_upload_images_exec.rb
Fix typos and format
2019-11-11 14:47:56 -06:00
cacti_unauthenticated_cmd_injection.rb
specify command stager flavors
2023-01-23 11:53:19 -06:00
cayin_cms_ntp.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
centreon_pollers_auth_rce.rb
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
centreon_sqli_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
centreon_useralias_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
cfme_manageiq_evm_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
chamilo_bigupload_webshell.rb
Responded to comments
2024-11-14 10:46:11 -08:00
chamilo_unauth_rce_cve_2023_34960.rb
Final minor updates
2023-08-23 11:38:07 +00:00
chaos_rat_xss_to_rce.rb
review of chaos rat
2024-05-13 16:55:43 -04:00
cisco_asax_sfr_rce.rb
Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup.
2022-09-02 08:44:04 -07:00
cisco_firepower_useradd.rb
Making SSH defaults widely used
2022-04-14 17:27:19 +02:00
cisco_hyperflex_file_upload_rce.rb
Fix for file clean up in the Cisco Hyperflex file upload RCE module
2021-07-30 14:59:52 -04:00
cisco_hyperflex_hx_data_platform_cmd_exec.rb
Backport print changes to recent modules
2021-07-08 21:26:35 -05:00
cisco_prime_inf_rce.rb
fix cisco advisory links
2022-01-13 18:55:39 +00:00
cisco_rv32x_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
cisco_rv340_lan.rb
Modified BadChars and FailWith codes
2023-02-13 17:49:09 -05:00
cisco_rv_series_authbypass_and_rce.rb
Added exploit for CVE-2021-1472/CVE-2021-1473
2022-01-29 18:56:53 -08:00
cisco_ucs_cloupia_script_rce.rb
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
cisco_ucs_rce.rb
Add the missing full disclosure URL reference
2022-02-01 17:06:37 -05:00
control_web_panel_login_cmd_exec.rb
Fix a typo
2023-01-25 13:45:18 -05:00
cpi_tararchive_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
craftcms_ftp_template.rb
Responded to comments
2025-01-15 09:22:44 -08:00
craftcms_preauth_rce_cve_2025_32432.rb
Refactor module: modularization, session-path leak, randomized key, improved check
2025-04-30 00:24:25 +02:00
craftcms_unauth_rce_cve_2023_41892.rb
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
crypttech_cryptolog_login_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
cve_2019_1663_cisco_rmi_rce.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
dcos_marathon.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
ddwrt_cgibin_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
denyall_waf_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_authentication_cgi_bof.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
dlink_command_php_exec_noauth.rb
Fixes some invalid links
2025-02-28 11:29:59 +00:00
dlink_dcs931l_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dcs_930l_authenticated_remote_command_execution.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_diagnostic_exec_noauth.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
dlink_dir300_exec_telnet.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dir605l_captcha_bof.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dir615_up_exec.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
dlink_dir850l_unauth_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dsl2750b_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dspw110_cookie_noauth_exec.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
dlink_dspw215_info_cgi_bof.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_dwl_2600_command_injection.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
dlink_hedwig_cgi_bof.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
dlink_hnap_bof.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_hnap_header_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dlink_hnap_login_bof.rb
Suggestion and rubocop fixes
2024-09-05 08:49:32 -07:00
dlink_upnp_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dnalims_admin_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
docker_daemon_tcp.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dolibarr_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dreambox_openpli_shell.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
dtale_rce_cve_2025_0655.rb
Update function name after applied suggestion
2025-03-07 08:05:00 +09:00
efw_chpasswd_exec.rb
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
elfinder_archive_cmd_injection.rb
check contents of json after attempted upload
2021-09-14 11:36:28 -05:00
empire_skywalker.rb
Change all instance of staging_key to @staging_key
2024-07-31 12:54:09 +09:00
eramba_rce.rb
Addressing comments
2025-03-20 20:46:38 +01:00
esva_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
eyesofnetwork_autodiscovery_rce.rb
reduces code duplication
2023-04-04 10:27:11 +01:00
f5_bigip_tmui_rce_cve_2020_5902.rb
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
f5_bigip_tmui_rce_cve_2023_46747.rb
Fix a stability issue with the module
2023-11-02 17:10:20 -04:00
f5_icall_cmd.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
f5_icontrol_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
f5_icontrol_rce.rb
Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times.
2022-05-11 16:43:37 -05:00
f5_icontrol_rest_ssrf_rce.rb
Clean up f5_icontrol_rest_ssrf_rce
2021-06-02 20:32:47 -05:00
f5_icontrol_rpmspec_rce_cve_2022_41800.rb
Remove non-functioning Arch'es
2022-11-23 10:42:07 -08:00
f5_icontrol_soap_csrf_rce_cve_2022_41622.rb
remove CmdStager inclusion
2022-11-18 16:18:25 -06:00
flir_ax8_unauth_rce_cve_2022_37061.rb
updated module with code suggestions space-r7
2022-10-25 16:38:15 +00:00
foreman_openstack_satellite_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
fortinac_keyupload_file_write.rb
Correct architecture and do final fixes
2023-03-13 15:46:42 -05:00
fortinet_authentication_bypass_cve_2022_40684.rb
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
fritzbox_echo_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
froxlor_log_path_rce.rb
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
geutebruck_cmdinject_cve_2021_335xx.rb
Fixes some invalid links
2025-02-28 11:29:59 +00:00
geutebruck_instantrec_bof.rb
Fixes some invalid links
2025-02-28 11:29:59 +00:00
geutebruck_testaction_exec.rb
Fixes some invalid links
2025-02-28 11:29:59 +00:00
github_enterprise_secret.rb
Update uses of open ssl
2021-08-10 15:40:23 +01:00
gitlist_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
glinet_unauth_rce_cve_2023_50445.rb
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
glpi_htmlawed_php_injection.rb
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
goahead_ldpreload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
goautodial_3_rce_command_injection.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
gpsd_format_string.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
grandstream_gxv31xx_settimezone_unauth_cmd_exec.rb
Add support for GXV3140 models and ARCH_CMD busybox telnetd payload
2022-01-29 19:38:57 +00:00
grandstream_ucm62xx_sendemail_rce.rb
Minor langauge fix and final typo
2022-01-24 21:01:34 -06:00
gravcms_exec.rb
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
groundwork_monarch_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
h2_webinterface_rce.rb
review comments
2023-08-08 17:15:22 -04:00
hadoop_unauth_exec.rb
Link Hadoop YARN exploit to documentation
2023-02-15 21:17:26 +01:00
hikvision_cve_2021_36260_blind.rb
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
hp_system_management.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
hp_van_sdn_cmd_inject.rb
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
huawei_hg532n_cmdinject.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
ibm_drm_rce.rb
Add module notes
2023-02-08 15:46:07 +00:00
ibm_qradar_unauth_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
imperva_securesphere_exec.rb
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
invoiceninja_unauth_rce_cve_2024_55555.rb
fixed invalid attackerkb reference
2025-03-14 08:23:10 +00:00
invoiceshelf_unauth_rce_cve_2024_55556.rb
update based on review comments
2025-03-14 08:04:22 +00:00
invokeai_rce_cve_2024_12029.rb
Update modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb
2025-02-18 21:21:19 +09:00
ipfire_bashbug_exec.rb
tests passing
2023-04-04 10:24:09 +01:00
ipfire_oinkcode_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
ipfire_pakfire_exec.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
ipfire_proxy_exec.rb
Add https prefix to module URL references
2024-04-17 13:00:41 +01:00
ivanti_connect_secure_rce_cve_2023_46805.rb
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
ivanti_connect_secure_rce_cve_2024_21893.rb
remove the linux and unix targets in favor of a single automatic target
2024-02-09 09:26:08 +00:00
ivanti_connect_secure_rce_cve_2024_37404.rb
Add comment explaining payload architecture restraints
2024-12-03 18:33:43 -08:00
ivanti_csa_unauth_rce_cve_2021_44529.rb
Apply fixes per code review
2023-01-17 12:44:22 -06:00
ivanti_sentry_misc_log_service.rb
Thanks to Spencer improved execute_command method
2023-09-12 15:14:10 -04:00
jenkins_cli_deserialization.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
judge0_sandbox_escape_cve_2024_28189.rb
Add Judge0 module and document
2024-11-20 14:15:38 -08:00
kafka_ui_unauth_rce_cve_2023_52251.rb
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
kaltura_unserialize_cookie_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
kaltura_unserialize_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
kibana_timelion_prototype_pollution_rce.rb
review comments
2023-09-01 20:34:35 -04:00
kibana_upgrade_assistant_telemetry_rce.rb
kibana telemetry rce rewritten to use fetch payloads
2023-10-06 09:55:10 -04:00
klog_server_authenticate_user_unauth_command_injection.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
kloxo_sqli.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
lexmark_faxtrace_settings.rb
rubocop
2023-09-06 15:47:54 -04:00
librenms_addhost_cmd_inject.rb
Update date format
2019-06-04 12:24:00 -05:00
librenms_authenticated_rce_cve_2024_51092.rb
Fix after applied suggestion
2025-01-20 21:24:16 +09:00
librenms_collectd_cmd_inject.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
lifesize_uvc_ping_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
linear_emerge_unauth_rce_cve_2019_7256.rb
Fix up missing option in documentation and also add some additional validation on server response.
2023-01-04 17:02:05 -06:00
linksys_apply_cgi.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
linksys_e1500_apply_exec.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
linksys_themoon_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
linksys_wrt54gl_apply_exec.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
linksys_wrt110_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
linksys_wrt160nv2_apply_exec.rb
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
linksys_wvbr0_user_agent_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
linuxki_rce.rb
Add module notes
2023-02-08 15:46:07 +00:00
logsign_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
lucee_admin_imgprocess_file_write.rb
Add Lucee Administrator CVE-2021-21307 exploit
2021-08-16 10:09:34 -05:00
magento_xxe_to_glibc_buf_overflow.rb
Added http_server cleanup
2024-10-15 10:28:39 -07:00
magnusbilling_unauth_rce_cve_2023_30258.rb
third release module with minor text changes
2023-10-31 09:29:13 +00:00
mailcleaner_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
majordomo_cmd_inject_cve_2023_50917.rb
Add suggested changes
2023-12-22 00:04:54 +01:00
metabase_setup_token_rce.rb
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
microfocus_obr_cmd_injection.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
microfocus_secure_messaging_gateway.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
mida_solutions_eframework_ajaxreq_rce.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
mobileiron_core_log4shell.rb
Remove superfluous code and add extra check
2022-08-02 11:04:13 -05:00
mobileiron_mdm_hessian_rce.rb
Randomize strings
2021-01-22 16:15:16 -06:00
moodle_rce.rb
updated
2024-11-13 03:40:22 +00:00
multi_ncc_ping_exec.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
mutiny_frontend_upload.rb
fix URLs not resolving
2022-02-16 17:22:40 -06:00
mvpower_dvr_shell_exec.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
nagios_xi_autodiscovery_webshell.rb
PR Review Changes for optimizing the nagiosxi modules
2023-04-01 14:28:37 +05:30
nagios_xi_chained_rce_2_electric_boogaloo.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
nagios_xi_chained_rce.rb
Update form data api defaults
2022-05-10 14:12:17 +01:00
nagios_xi_configwizards_authenticated_rce.rb
PR Review Changes for optimizing the nagiosxi modules
2023-04-01 14:28:37 +05:30
nagios_xi_magpie_debug.rb
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 07:13:55 +00:00
nagios_xi_mibs_authenticated_rce.rb
PR Review Changes for optimizing the nagiosxi modules
2023-04-01 14:28:37 +05:30
nagios_xi_plugins_check_plugin_authenticated_rce.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
nagios_xi_plugins_filename_authenticated_rce.rb
PR Review Changes for optimizing the nagiosxi modules
2023-04-01 14:28:37 +05:30
nagios_xi_snmptrap_authenticated_rce.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
netalertx_rce_cve_2024_46506.rb
Use BadChars and Base64Decoder
2025-02-11 11:25:24 +09:00
netgear_dgn1000_setup_unauth_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
netgear_dgn1000b_setup_exec.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
netgear_dgn2200b_pppoe_exec.rb
Removed "ssl_restore = true"
2024-07-26 17:30:25 +02:00
netgear_dnslookup_cmd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
netgear_r7000_cgibin_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
netgear_readynas_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
netgear_unauth_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
netgear_wnr2000_rce.rb
msftidy: Fix exploit module checks for author and stack buffer overflow
2021-02-13 04:10:13 +00:00
netis_unauth_rce_cve_2024_22729.rb
Update addressing cdelafuente-r7 comments
2024-06-12 18:57:29 +00:00
netis_unauth_rce_cve_2024_48456_and_48457.rb
Added attackerkb references
2025-01-07 20:33:41 +00:00
netsweeper_webadmin_unixlogin.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
nexus_repo_manager_el_injection.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
nginx_chunked_size.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
nuuo_nvrmini_auth_rce.rb
fix NUUO advisory links
2022-01-13 18:54:56 +00:00
nuuo_nvrmini_unauth_rce.rb
fix NUUO advisory links
2022-01-13 18:54:56 +00:00
op5_config_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
openfiler_networkcard_exec.rb
Adds scripts to find and replace dead module reference links
2025-02-28 09:20:48 +00:00
openmetadata_auth_bypass_rce.rb
changed check to Appears when vulnerable
2024-08-06 21:00:06 +00:00
opennms_horizon_authenticated_rce.rb
rubocop
2024-03-20 11:39:19 -07:00
opentsdb_key_cmd_injection.rb
add opentsdb_key_cmd_injection exploit module
2023-09-07 17:29:16 +03:00
opentsdb_yrange_cmd_injection.rb
Make rubocop happy
2022-12-23 13:38:16 +01:00
optergy_bms_backdoor_rce_cve_2019_7276.rb
updated module and documentation with SUDO option
2023-03-26 18:31:25 +00:00
oracle_ebs_rce_cve_2022_21587.rb
Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587
2023-02-21 18:02:10 +00:00
paloalto_expedition_rce.rb
fixed typo
2024-11-12 15:15:15 +00:00
pandora_fms_auth_rce_cve_2024_11320.rb
updated with correct privileged setting
2024-12-23 19:45:29 +00:00
pandora_fms_auth_rce_cve_2024_12971.rb
update based on reviewer suggestions
2025-04-07 14:29:51 +00:00
pandora_fms_events_exec.rb
Add module notes
2023-02-08 15:46:07 +00:00
pandora_fms_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pandora_fms_sqli.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
pandora_ping_cmd_exec.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
panos_management_unauth_rce.rb
use the HttpClient cookie jar. Thank you @jheysel-r7 for this improvement.
2024-12-17 17:47:00 +00:00
panos_op_cmd_exec.rb
string true to bool true
2022-10-03 19:50:04 -04:00
panos_readsessionvars.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
panos_telemetry_cmd_exec.rb
Addressing msftidy issues
2024-04-18 18:34:18 -05:00
peercast_url.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
php_imap_open_rce.rb
trade URI.encode & URI.escape for Ruby 3
2021-11-22 14:11:03 -06:00
pineapp_ldapsyncnow_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pineapp_livelog_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pineapp_test_li_conn_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pineapple_bypass_cmdinject.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
pineapple_preconfig_cmdinject.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
piranha_passwd_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
progress_flowmon_unauth_cmd_injection.rb
Change xml to html in get_html_document
2024-05-28 16:29:55 -04:00
progress_kemp_loadmaster_unauth_cmd_injection.rb
Add vulnerable versions and fix indention
2024-04-26 17:36:50 -05:00
projectsend_unauth_rce.rb
Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo
2024-12-11 13:54:06 +00:00
pulse_secure_cmd_exec.rb
Revert "remove ruby pulse_secure_cmd_exec"
2020-11-09 20:09:12 -05:00
pulse_secure_gzip_rce.rb
Fix Gem::Package NameError with Rex::Tar::Writer
2021-04-12 18:50:31 -05:00
pyload_js2py_cve_2024_39205.rb
Rubocop
2024-11-14 12:47:35 -08:00
pyload_js2py_exec.rb
Add module docs
2023-02-15 16:29:42 -05:00
qnap_qcenter_change_passwd_exec.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
qnap_qts_rce_cve_2023_47218.rb
Docs plus minor edits
2024-02-15 17:12:11 -05:00
raidsonic_nas_ib5220_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
railo_cfml_rfi.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
rancher_server.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
raspberrymatic_unauth_rce_cve_2024_24578.rb
added default options and updated documentation
2025-02-20 13:19:41 -06:00
ray_agent_job_rce.rb
Update modules/exploits/linux/http/ray_agent_job_rce.rb
2024-08-21 21:38:37 +09:00
ray_cpu_profile_cmd_injection_cve_2023_6019.rb
Update check function
2024-08-21 22:32:53 +09:00
rconfig_ajaxarchivefiles_rce.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
rconfig_vendors_auth_file_upload_rce.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
realtek_miniigd_upnp_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
riverbed_netprofiler_netexpress_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
roxy_wi_exec.rb
Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments
2022-07-25 13:05:04 -05:00
saltstack_salt_api_cmd_exec.rb
Remove unused vprint_status conditional
2020-12-09 22:45:41 -06:00
saltstack_salt_wheel_async_rce.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
samsung_srv_1670d_upload_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
seagate_nas_php_exec_noauth.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
selenium_greed_chrome_rce_cve_2022_28108.rb
chore: removing PAYLOAD from DefaultOptions
2025-01-07 10:47:04 +01:00
selenium_greed_firefox_rce_cve_2022_28108.rb
chore: removing PAYLOAD from DefaultOptions
2025-01-08 13:04:08 +09:00
smt_ipmi_close_window_bof.rb
fix URLs not resolving
2022-02-16 17:22:40 -06:00
solarview_unauth_rce_cve_2023_23333.rb
Apply grammatical suggestions from code review
2023-09-05 17:06:01 -04:00
sonicwall_cve_2021_20039.rb
Added the AttackerKB analysis
2022-01-11 03:17:45 -08:00
sophos_utm_webadmin_sid_cmd_injection.rb
Switch to the new Rex stopwatch function
2021-11-16 10:12:57 -05:00
sophos_wpa_iface_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sophos_wpa_sblistpack_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
sourcegraph_gitserver_sshcmd.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
spark_unauth_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
spring_cloud_gateway_rce.rb
Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs
2022-10-12 11:19:47 -05:00
suitecrm_log_file_rce.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
supervisor_xmlrpc_exec.rb
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
symantec_messaging_gateway_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
symantec_web_gateway_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
symantec_web_gateway_file_upload.rb
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
symantec_web_gateway_lfi.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
symantec_web_gateway_pbcontrol.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
symantec_web_gateway_restore.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
symmetricom_syncserver_rce.rb
add exploit rank
2023-06-13 17:05:30 -05:00
synology_dsm_sliceupload_exec_noauth.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
synology_dsm_smart_exec_auth.rb
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
terramaster_unauth_rce_cve_2020_35665.rb
Updates based on space-r7 comments
2023-06-08 07:39:44 +00:00
terramaster_unauth_rce_cve_2021_45837.rb
Latest updates based on reviewers comments
2023-06-08 21:25:40 +00:00
terramaster_unauth_rce_cve_2022_24990.rb
Updates based on review comments from space-r7 and jvoisin
2023-06-12 19:28:08 +00:00
tiki_calendar_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
totolink_unauth_rce_cve_2023_30013.rb
Updates addressing cdelafuente-r7 comments
2023-09-20 22:14:48 +00:00
tp_link_ncxxx_bonjour_command_injection.rb
Add in missing RuboCop note sections
2022-04-19 16:40:57 -05:00
tp_link_sc2020n_authenticated_telnet_injection.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
tr064_ntpserver_cmdinject.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
traccar_rce_upload.rb
Remove jsessionid parsing now that keep_cookies is being used
2024-09-23 18:12:01 -04:00
trend_micro_imsva_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
trendmicro_imsva_widget_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
trendmicro_sps_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
trendmicro_websecurity_exec.rb
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
trueonline_billion_5200w_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
trueonline_p660hn_v1_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
trueonline_p660hn_v2_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
ubiquiti_airos_file_upload.rb
Add error_callback to SSH Command Stream
2024-11-25 16:43:59 +00:00
ueb_api_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
unraid_auth_bypass_exec.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
vap2500_tools_command_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
vcms_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
vestacp_exec.rb
Suggestion and rubocop fixes
2024-09-05 08:49:32 -07:00
vinchin_backup_recovery_cmd_inject.rb
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
2023-11-28 08:10:56 +01:00
vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
addressed code improvement suggestions
2022-11-12 10:21:43 +00:00
vmware_vcenter_analytics_file_upload.rb
Comment path traversals
2021-10-20 14:16:46 -05:00
vmware_vcenter_vsan_health_rce.rb
Fix edge case in method overloading
2021-07-12 20:29:56 -05:00
vmware_view_planner_4_6_uploadlog_rce.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
vmware_vrli_rce.rb
Update other modules to use java_class_loader_start_service and cmdstager_start_service
2024-06-14 12:57:42 +02:00
vmware_vrni_rce_cve_2023_20887.rb
Rubocop fixes
2023-07-20 16:40:28 -04:00
vmware_vrops_mgr_ssrf_rce.rb
Update vmware_vrops_mgr_ssrf_rce documentation
2021-05-06 18:30:20 -05:00
vmware_workspace_one_access_cve_2022_22954.rb
Deregister VHOST
2022-05-03 11:52:50 -05:00
vmware_workspace_one_access_vmsa_2022_0011_chain.rb
Added missing require builder statement
2023-04-18 18:10:46 -04:00
wanem_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
watchguard_firebox_unauth_rce_cve_2022_26318.rb
update addressing jheysel-r7 comments
2024-03-28 08:43:08 +00:00
wd_mycloud_multiupload_upload.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wd_mycloud_unauthenticated_cmd_injection.rb
code review fixes for wd_mycloud_unauthenticated_cmd_injection
2023-07-27 23:09:50 +03:00
webcalendar_settings_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
webid_converter.rb
Updates more dead links
2025-02-28 10:30:14 +00:00
webmin_backdoor.rb
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
webmin_file_manager_rce.rb
Remove unused mix in, add low bound to check
2022-11-01 10:42:43 -05:00
webmin_package_updates_rce.rb
Fix from code review
2022-08-09 15:09:25 +02:00
webmin_packageup_rce.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
wepresent_cmd_injection.rb
Fix up last of the module that had incorrect disclosure dates
2020-10-07 12:09:35 -05:00
wipg1000_cmd_injection.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
xplico_exec.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
zabbix_sqli.rb
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
zen_load_balancer_exec.rb
Adds scripts to find and replace dead module reference links
2025-02-28 09:20:48 +00:00
zenoss_showdaemonxmlconfig_exec.rb
Adds scripts to find and replace dead module reference links
2025-02-28 09:20:48 +00:00
zimbra_cpio_cve_2022_41352.rb
Fix an issue where the session handler would close too early on Zimbra modules
2022-11-23 13:09:47 -08:00
zimbra_mboximport_cve_2022_27925.rb
Add in changes from review
2022-08-23 11:44:03 -05:00
zimbra_unrar_cve_2022_30333.rb
Remove unecessary return statement
2022-12-06 15:07:28 +01:00
zimbra_xxe_rce.rb
Fix words because words...
2019-04-01 17:21:23 -05:00
zyxel_lfi_unauth_ssh_rce.rb
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
zyxel_parse_config_rce.rb
Apply suggestions from code review
2024-07-03 13:51:50 -04:00
zyxel_ztp_rce.rb
Add in edits from review
2022-05-13 15:32:12 -05:00