adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd6a45fffa15fde7d6a7808ae3fdf346b3f2a8db
metasploit-gs/modules/exploits/multi/http
T
History
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR 
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
..
activecollab_chat.rb
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
ajaxplorer_checkinstall_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
apprain_upload_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
auxilium_upload_exec.rb
Fix requires for PhpEXE
2013-06-19 16:27:59 -05:00
axis2_deployer.rb
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
cuteflow_upload_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
eaton_nsm_code_exec.rb
Fix requires for PhpEXE
2013-06-19 16:27:59 -05:00
extplorer_upload_exec.rb
regex to check version fixed
2013-01-09 23:48:55 +01:00
familycms_less_exec.rb
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
freenas_exec_raw.rb
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
gitorious_graph.rb
fix formatting
2013-06-20 10:41:14 -05:00
glassfish_deployer.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
glossword_upload_exec.rb
added missing comma
2013-05-16 18:59:46 +02:00
horde_href_backdoor.rb
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
hp_sitescope_uploadfileshandler.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
hp_sys_mgmt_exec.rb
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
jboss_bshdeployer.rb
up to date
2013-06-24 11:57:11 -05:00
jboss_deploymentfilerepository.rb
up to date
2013-06-24 11:57:11 -05:00
jboss_invoke_deploy.rb
Fix file header comment
2013-03-07 17:53:19 -06:00
jboss_maindeployer.rb
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
jenkins_script_console.rb
Fix file header comment
2013-03-07 17:53:19 -06:00
kordil_edms_upload_exec.rb
Add a few more references for those without
2013-05-16 14:32:02 -05:00
lcms_php_exec.rb
Add normalize_uri to modules that may have
2012-11-08 17:42:48 +01:00
log1cms_ajax_create_folder.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
manageengine_search_sqli.rb
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
mobilecartly_upload_exec.rb
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
movabletype_upgrade_exec.rb
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
mutiny_subnetmask_exec.rb
change print location
2013-03-07 19:15:40 +01:00
netwin_surgeftp_exec.rb
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
op5_license.rb
Add normalize_uri to modules that may have
2012-11-08 17:42:48 +01:00
op5_welcome.rb
Add normalize_uri to modules that may have
2012-11-08 17:42:48 +01:00
openfire_auth_bypass.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
openx_backdoor_php.rb
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
php_cgi_arg_injection.rb
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
php_volunteer_upload_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
phpldapadmin_query_engine.rb
Fix [SeeRM #8239] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
phpmyadmin_3522_backdoor.rb
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
phpmyadmin_preg_replace.rb
Whitespace and change default user
2013-04-27 10:39:27 +01:00
phpscheduleit_start_date.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
phptax_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
plone_popen2.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
pmwiki_pagelist.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
polarcms_upload_exec.rb
Fix requires for PhpEXE
2013-06-19 16:27:59 -05:00
qdpm_upload_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
rails_json_yaml_code_exec.rb
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
rails_secret_deserialization.rb
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
rails_xml_yaml_code_exec.rb
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
sflog_upload_exec.rb
Fix requires for PhpEXE
2013-06-19 16:27:59 -05:00
sit_file_upload.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
snortreport_exec.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
sonicwall_gms_upload.rb
Use the install path to tell us the separator
2013-02-08 12:10:42 -06:00
splunk_mappy_exec.rb
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
splunk_upload_app_exec.rb
Lower ranking because they cannot auto-target
2013-01-23 23:35:31 -06:00
spree_search_exec.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
spree_searchlogic_exec.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
struts_code_exec_exception_delegator.rb
Change default target
2013-01-23 23:40:47 -06:00
struts_code_exec_parameters.rb
Reverting disaster merge to 593363c5f with diff
2013-07-29 21:47:52 -05:00
struts_code_exec.rb
Lower ranking because they cannot auto-target
2013-01-23 23:35:31 -06:00
struts_default_action_mapper.rb
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
struts_include_params.rb
New module title and description fixes
2013-06-03 14:40:38 -05:00
stunshell_eval.rb
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
stunshell_exec.rb
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
sun_jsws_dav_options.rb
Merges and resolves CJR's normalize_uri fixes
2013-01-07 11:16:58 -06:00
testlink_upload_exec.rb
re-order refs
2013-06-20 11:17:23 -05:00
tomcat_mgr_deploy.rb
Fix undefined variable in tomcat_mgr_deploy.rb
2013-06-04 11:19:28 +10:00
traq_plugin_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
v0pcr3w_exec.rb
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
vbseo_proc_deutf.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
webpagetest_upload_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
wikka_spam_exec.rb
Correctly use normalize_uri()
2013-01-30 23:23:41 -06:00
zenworks_control_center_upload.rb
fix Privileged field
2013-03-30 19:39:01 +01:00