adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5ccda4b567d7238dcd857e1eb249c9cbbe8726c3
metasploit-gs/modules/exploits/linux/http
T
History
Onur ER 5ccda4b567 Added Pandora FMS 7.0NG exploit 
Pandora FMS (for Pandora Flexible Monitoring System) is software for
monitoring computer networks. Pandora FMS allows monitoring in a visual
way the status and performance of several parameters from different
operating systems, servers, applications and hardware systems such
as firewalls, proxies, databases, web servers or routers.

This module exploits a vulnerability found in Pandora FMS 7.0 NG and lower.
The vulnerability exists on the `net_tools.php` component, due to the insecure
usage of the `system()` PHP function.
2020-03-19 22:50:00 +03:00
..
accellion_fta_getstatus_oauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
advantech_switch_bash_env_exec.rb
Land #10570, AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
airties_login_cgi_bof.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
alcatel_omnipcx_mastercgi_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
alienvault_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
alienvault_sqli_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
apache_continuum_cmd_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
apache_couchdb_cmd_exec.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
astium_sqli_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
asuswrt_lan_rce.rb
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
atutor_filemanager_traversal.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
axis_srv_parhand_rce.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
belkin_login_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
centreon_sqli_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
centreon_useralias_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cfme_manageiq_evm_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cisco_firepower_useradd.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cisco_prime_inf_rce.rb
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
cisco_rv32x_rce.rb
Unregister SSLCert option since it is never used in thisHTTPServer module.
2019-03-20 14:21:40 +01:00
cisco_ucs_rce.rb
make some adjustments
2019-08-29 19:49:37 +07:00
cpi_tararchive_upload.rb
update checkcode
2019-06-18 15:58:57 -05:00
crypttech_cryptolog_login_exec.rb
40% done
2017-08-28 20:17:58 -04:00
cve_2019_1663_cisco_rmi_rce.rb
Deprecate/delete cisco_rv130_rmi_rce by alias
2019-08-30 12:03:43 -05:00
dcos_marathon.rb
40% done
2017-08-28 20:17:58 -04:00
ddwrt_cgibin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
denyall_waf_exec.rb
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
dlink_authentication_cgi_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_command_php_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dcs931l_upload.rb
revisionism
2019-01-10 19:19:14 +00:00
dlink_dcs_930l_authenticated_remote_command_execution.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_diagnostic_exec_noauth.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
dlink_dir300_exec_telnet.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir605l_captcha_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir615_up_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir850l_unauth_exec.rb
Clean up module
2017-11-10 18:15:22 -06:00
dlink_dsl2750b_exec_noauth.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dlink_dspw110_cookie_noauth_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dspw215_info_cgi_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_hedwig_cgi_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_hnap_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_hnap_header_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_hnap_login_bof.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dlink_upnp_exec_noauth.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
dnalims_admin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
docker_daemon_tcp.rb
bypass user namespaces
2017-11-15 15:14:58 +01:00
dolibarr_cmd_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dreambox_openpli_shell.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
efw_chpasswd_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
empire_skywalker.rb
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
esva_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
f5_icall_cmd.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
f5_icontrol_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
foreman_openstack_satellite_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
fritzbox_echo_exec.rb
Update CVE references for exploit modules
2018-07-08 18:46:04 -05:00
github_enterprise_secret.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gitlist_exec.rb
40% done
2017-08-28 20:17:58 -04:00
goahead_ldpreload.rb
Small tweaks based on @bcoles feedback. Thanks!
2017-12-29 16:17:53 -06:00
goautodial_3_rce_command_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gpsd_format_string.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
groundwork_monarch_cmd_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hadoop_unauth_exec.rb
Fix whitespace
2019-08-07 22:44:38 -05:00
hp_system_management.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hp_van_sdn_cmd_inject.rb
Update my modules
2019-06-24 13:38:14 -05:00
huawei_hg532n_cmdinject.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
ibm_qradar_unauth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
imperva_securesphere_exec.rb
Fix required USERNAME and PASSWORD
2019-03-05 21:57:42 -06:00
ipfire_bashbug_exec.rb
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
ipfire_oinkcode_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
ipfire_proxy_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
kaltura_unserialize_cookie_rce.rb
Use stylistic suggestions from rubocop
2017-11-21 14:30:13 +01:00
kaltura_unserialize_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
kloxo_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
librenms_addhost_cmd_inject.rb
Update date format
2019-06-04 12:24:00 -05:00
librenms_collectd_cmd_inject.rb
add default payload, check login
2019-08-13 13:39:15 -05:00
lifesize_uvc_ping_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_apply_cgi.rb
40% done
2017-08-28 20:17:58 -04:00
linksys_e1500_apply_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_themoon_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_wrt54gl_apply_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
linksys_wrt110_cmd_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
linksys_wrt160nv2_apply_exec.rb
40% done
2017-08-28 20:17:58 -04:00
linksys_wvbr0_user_agent_exec_noauth.rb
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
logsign_exec.rb
40% done
2017-08-28 20:17:58 -04:00
mailcleaner_exec.rb
Remove duplicate CVE for Mailcleaner module
2019-04-02 12:51:09 -05:00
microfocus_secure_messaging_gateway.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
multi_ncc_ping_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
mutiny_frontend_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mvpower_dvr_shell_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
nagios_xi_chained_rce_2_electric_boogaloo.rb
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 04:22:11 +00:00
nagios_xi_chained_rce.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
nagios_xi_magpie_debug.rb
Change file name
2019-06-25 16:10:44 -05:00
netgear_dgn1000_setup_unauth_exec.rb
Clean up module
2017-11-10 18:15:22 -06:00
netgear_dgn1000b_setup_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_dgn2200b_pppoe_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_dnslookup_cmd_exec.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
netgear_r7000_cgibin_exec.rb
fix msftidy errors
2018-08-28 13:12:43 +02:00
netgear_readynas_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_unauth_exec.rb
Fixing indentation.
2018-11-12 13:24:00 +08:00
netgear_wnr2000_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
nginx_chunked_size.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nuuo_nvrmini_auth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
nuuo_nvrmini_unauth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
op5_config_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openfiler_networkcard_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
pandora_fms_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pandora_fms_sqli.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
pandora_ping_cmd_exec.rb
Added Pandora FMS 7.0NG exploit
2020-03-19 22:50:00 +03:00
panos_readsessionvars.rb
return unless res
2019-03-23 08:51:25 +00:00
peercast_url.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_imap_open_rce.rb
horde imp h3 imap_open
2019-01-18 19:43:45 -05:00
pineapp_ldapsyncnow_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pineapp_livelog_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pineapp_test_li_conn_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
pineapple_bypass_cmdinject.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
pineapple_preconfig_cmdinject.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
piranha_passwd_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
qnap_qcenter_change_passwd_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
raidsonic_nas_ib5220_exec_noauth.rb
Remove CommandShell mixin in exploits
2018-12-12 15:43:13 -06:00
railo_cfml_rfi.rb
40% done
2017-08-28 20:17:58 -04:00
rancher_server.rb
Payload space, error handling and style"
2017-10-07 01:12:24 +02:00
realtek_miniigd_upnp_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
riverbed_netprofiler_netexpress_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
samsung_srv_1670d_upload_exec.rb
Update module and add documentation
2018-01-10 20:13:42 -06:00
seagate_nas_php_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
smt_ipmi_close_window_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sophos_wpa_iface_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
sophos_wpa_sblistpack_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
spark_unauth_rce.rb
Add Imran Rashid to CVE-2018-11770 credit
2019-01-14 15:28:08 -06:00
supervisor_xmlrpc_exec.rb
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
symantec_messaging_gateway_exec.rb
40% done
2017-08-28 20:17:58 -04:00
symantec_web_gateway_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_file_upload.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
symantec_web_gateway_lfi.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_pbcontrol.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_restore.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
synology_dsm_sliceupload_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tiki_calendar_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tp_link_sc2020n_authenticated_telnet_injection.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
tr064_ntpserver_cmdinject.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
trend_micro_imsva_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
trendmicro_imsva_widget_exec.rb
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
trendmicro_sps_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
trueonline_billion_5200w_rce.rb
add cve to billion module
2019-06-08 17:37:05 +07:00
trueonline_p660hn_v1_rce.rb
add cve to p660hn v1
2019-06-08 17:38:44 +07:00
trueonline_p660hn_v2_rce.rb
add cve to trueonline v2
2019-06-08 17:41:04 +07:00
ubiquiti_airos_file_upload.rb
Add new moved_from to moved module
2019-08-22 17:58:20 -05:00
ueb_api_rce.rb
ueb priv esc suggestion
2019-01-09 20:28:53 -05:00
vap2500_tools_command_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vcms_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wanem_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
wd_mycloud_multiupload_upload.rb
add cve reference
2017-12-13 18:50:21 -06:00
webcalendar_settings_exec.rb
40% done
2017-08-28 20:17:58 -04:00
webid_converter.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
webmin_packageup_rce.rb
modified version check
2019-06-19 08:31:48 -05:00
wipg1000_cmd_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
xplico_exec.rb
Updatig documentation and tweaking initiate_session
2017-11-15 01:04:06 +03:00
zabbix_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
zen_load_balancer_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
zenoss_showdaemonxmlconfig_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
zimbra_xxe_rce.rb
Fix words because words...
2019-04-01 17:21:23 -05:00