Brendan 9bd8590b99 Merge pull request #19793 from sfewer-r7/CVE-2024-55956 ...

Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution (CVE-2024-55956)

2025-01-15 15:04:45 -06:00

..

acronis_cyber_protect_unauth_rce_cve_2022_3405.rb

move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder

2025-01-09 16:32:42 -05:00

activecollab_chat.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

adobe_coldfusion_rce_cve_2023_26360.rb

bug fix for issue 18237. ColdFusion configured with a Development profile behaves slightly differently than ColdFusion deployed in a Production profile, so we need to test for some different return values during exploitation.

2023-08-08 14:47:14 +01:00

agent_tesla_panel_rce.rb

Rubocop recently landed modules continued

2021-02-25 14:13:40 +00:00

ajaxplorer_checkinstall_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

apache_activemq_upload_jsp.rb

Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall

2021-06-14 15:02:38 -05:00

apache_apisix_api_default_token_rce.rb

Improve some error handling

2022-03-21 15:22:00 -04:00

apache_commons_text4shell.rb

Update other modules to use java_class_loader_start_service and cmdstager_start_service

2024-06-14 12:57:42 +02:00

apache_couchdb_erlang_rce.rb

Extra ',' is causing ruby issues

2024-03-30 17:02:13 +03:00

apache_druid_cve_2023_25194.rb

Apply suggestions from code review

2023-06-23 09:36:50 +02:00

apache_flink_jar_upload_exec.rb

Update more modules to use the vars_form_data api

2022-05-11 18:18:21 +01:00

apache_jetspeed_file_upload.rb

Fix exploit/multi/http/apache_jetspeed_file_upload

2019-02-25 11:32:06 -06:00

apache_mod_cgi_bash_env_exec.rb

tests passing

2023-04-04 10:24:09 +01:00

apache_nifi_processor_rce.rb

review comments

2023-08-28 17:39:02 -04:00

apache_normalize_path_rce.rb

Fix apache_normalize_path_rce check method

2024-05-01 20:01:38 +01:00

apache_ofbiz_forgot_password_directory_traversal.rb

Minor update

2024-08-16 12:17:56 -07:00

apache_rocketmq_update_config.rb

RocketMQ fixes

2024-04-26 14:24:08 -07:00

apache_roller_ognl_injection.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

apprain_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

atlassian_confluence_namespace_ognl_injection.rb

Keep version detection consistent

2024-01-25 13:50:34 -05:00

atlassian_confluence_rce_cve_2023_22515.rb

set :random to true during generate_jar so we can randomize teh metasploit class path

2023-10-18 09:53:46 +01:00

atlassian_confluence_rce_cve_2023_22527.rb

Keep version detection consistent

2024-01-25 13:50:34 -05:00

atlassian_confluence_rce_cve_2024_21683.rb

Apply suggestions from code review

2024-07-10 20:45:53 -04:00

atlassian_confluence_unauth_backup.rb

Check method improvement

2023-12-14 12:42:23 -05:00

atlassian_confluence_webwork_ognl_injection.rb

Add Windows support to CVE-2021-26084 exploit

2021-10-14 16:58:04 -05:00

atlassian_crowd_pdkinstall_plugin_upload_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

atutor_sqli.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

atutor_upload_traversal.rb

Update rubocop target ruby version

2024-07-24 16:47:17 +01:00

auxilium_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

avideo_wwbnindex_unauth_rce.rb

Lint

2024-05-15 22:13:53 +02:00

axis2_deployer.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

baldr_upload_exec.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

bassmaster_js_injection.rb

Removed "ssl_restore = true"

2024-07-26 17:30:25 +02:00

bitbucket_env_var_rce.rb

address review comments

2023-03-15 11:18:03 -05:00

bolt_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

builderengine_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

cacti_package_import_rce.rb

Code review

2024-06-12 19:47:02 +02:00

cacti_pollers_sqli_rce.rb

Update cacti_pollers_sqli_rce to use the new library

2024-05-23 11:30:48 +02:00

caidao_php_backdoor_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

churchinfo_upload_exec.rb

tests passing

2023-04-04 10:24:09 +01:00

cisco_dcnm_upload_2019.rb

fix cisco advisory links

2022-01-13 18:55:39 +00:00

cisco_dcnm_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

cleo_rce_cve_2024_55956.rb

improve the regex by removing the unnecessary word boundrys, and add a non matching group for the product name. Thanks jvoisin

2025-01-09 11:43:58 +00:00

clinic_pms_fileupload_rce.rb

Modified the code logic as instructed by the reviewer & removed the instance variable

2024-12-17 21:39:30 +05:30

clipbucket_fileupload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

cmsms_object_injection_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

cmsms_showtime2_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

cmsms_upload_rename_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

cockpit_cms_rce.rb

Ensure identify hashes helper is accessible to modules

2023-04-12 13:28:56 +01:00

coldfusion_ckeditor_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

coldfusion_rds_auth_bypass.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

confluence_widget_connector.rb

linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil

2022-07-01 08:43:47 -04:00

connectwise_screenconnect_rce_cve_2024_1709.rb

use the Faker module to gen the plugins metadata.

2024-02-23 17:48:01 +00:00

crushftp_rce_cve_2023_43177.rb

Fixes from code review

2024-03-29 12:18:16 +01:00

cups_bash_env_exec.rb

tests passing

2023-04-04 10:24:09 +01:00

cuteflow_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

cve_2021_35464_forgerock_openam.rb

Run rubocop on exploit modules

2023-02-08 15:20:32 +00:00

cve_2023_38836_boidcms.rb

Updates based on jheysel-r7's suggestions

2024-02-29 12:42:22 -06:00

dexter_casinoloader_exec.rb

replace uri unescape with new proper methods

2024-07-01 15:52:01 -05:00

dotcms_file_upload_rce.rb

Update modules/exploits/multi/http/dotcms_file_upload_rce.rb

2022-06-01 10:54:02 -04:00

drupal_drupageddon.rb

tests passing

2023-04-04 10:24:09 +01:00

eaton_nsm_code_exec.rb

Update broken secunia references

2023-03-23 10:43:57 +00:00

eventlog_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

extplorer_upload_exec.rb

Add Meterpreter compatibility metadata

2021-10-06 13:54:51 +01:00

familycms_less_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

fortra_goanywhere_mft_rce_cve_2024_0204.rb

store the credentials we create in the DB

2024-02-01 19:48:01 +00:00

fortra_goanywhere_rce_cve_2023_0669.rb

Update fortra_goanywhere_rce_cve_2023_0669.rb

2023-02-09 23:06:59 +01:00

freenas_exec_raw.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

gambio_unauth_rce_cve_2024_23759.rb

Apply suggestions from code review

2024-04-19 13:44:18 -04:00

geoserver_unauth_rce_cve_2024_36401.rb

some small final changes

2024-08-29 11:23:58 -05:00

gestioip_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

getsimplecms_unauth_code_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

gibbon_auth_rce_cve_2024_24725.rb

third release module based on smcintyre-r7 comments

2024-04-04 17:14:32 +00:00

git_client_command_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

git_lfs_clone_command_exec.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

git_submodule_command_exec.rb

change modules to use hash in build_commit_object

2021-08-12 10:18:13 -05:00

git_submodule_url_exec.rb

add notes to updated modules

2021-08-12 10:18:13 -05:00

gitea_git_fetch_rce.rb

Add comment for details about the string substitutions on Windows

2022-11-17 12:25:52 +01:00

gitea_git_hooks_rce.rb

Update gitea git hooks rce check method

2021-10-01 01:11:11 +01:00

gitlab_exif_rce.rb

Changed qx delimiter to # and added it to badchars. Defaulted to a staged payload

2021-11-03 10:51:37 -07:00

gitlab_file_read_rce.rb

Update rubocop target ruby version

2024-07-24 16:47:17 +01:00

gitlab_github_import_rce_cve_2022_2992.rb

Update rubocop target ruby version

2024-07-24 16:47:17 +01:00

gitlab_shell_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

gitlist_arg_injection.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

gitorious_graph.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

glassfish_deployer.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

glossword_upload_exec.rb

Add Meterpreter compatibility metadata

2021-10-06 13:54:51 +01:00

glpi_install_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

gogs_git_hooks_rce.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

horde_csv_rce.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

horde_form_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

horde_href_backdoor.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

horizontcms_upload_exec.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

hp_sitescope_issuesiebelcmd.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

hp_sitescope_uploadfileshandler.rb

Add Meterpreter compatibility metadata

2021-10-06 13:54:51 +01:00

hp_sys_mgmt_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

hyperic_hq_script_console.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

ibm_openadmin_tool_soap_welcomeserver_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

ispconfig_php_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

jboss_bshdeployer.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

jboss_deploymentfilerepository.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

jboss_invoke_deploy.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

jboss_maindeployer.rb

Rename stop_service to cleanup_service for services that use reference counting

2022-03-10 10:28:25 +11:00

jboss_seam_upload_exec.rb

Zeitwerk rex folder

2021-02-08 12:24:12 +00:00

jenkins_metaprogramming.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

jenkins_script_console.rb

adds more future proofing to implementation

2023-06-21 14:19:24 +01:00

jenkins_xstream_deserialize.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

jetbrains_teamcity_rce_cve_2023_42793.rb

Minor code changes

2023-09-28 13:19:26 -04:00

jetbrains_teamcity_rce_cve_2024_27198.rb

reduce the size of teh exploit method by spinngin out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless

2024-03-13 09:58:51 +00:00

jira_hipchat_template.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

jira_plugin_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

joomla_http_header_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

kong_gateway_admin_api_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

kordil_edms_upload_exec.rb

Add Meterpreter compatibility metadata

2021-10-06 13:54:51 +01:00

lcms_php_exec.rb

Update broken secunia references

2023-03-23 10:43:57 +00:00

liferay_java_unmarshalling.rb

Update other modules to use java_class_loader_start_service and cmdstager_start_service

2024-06-14 12:57:42 +02:00

log1cms_ajax_create_folder.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

log4shell_header_injection.rb

prevent .keys call on nil in log4shell_header_injection

2022-12-15 12:51:30 +02:00

lucee_scheduled_job.rb

Use coldfusion to decode base64 data

2023-02-28 17:32:56 -05:00

magento_unserialize.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

makoserver_cmd_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

manage_engine_dc_pmp_sqli.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb

Fix CVE

2023-01-30 12:18:08 +01:00

manageengine_auth_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

manageengine_sd_uploader.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

manageengine_search_sqli.rb

Use zeitwerk for lib/msf/core folder

2020-12-07 10:31:45 +00:00

manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb

Update manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module

2024-06-13 16:53:07 +02:00

mantisbt_manage_proj_page_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

mantisbt_php_exec.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

maracms_upload_exec.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

mediawiki_syntaxhighlight.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

mediawiki_thumb.rb

Fix file reads on Windows for binary files

2022-03-21 12:47:39 +00:00

metasploit_static_secret_key_base.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

metasploit_webui_console_command_execution.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

microfocus_obm_auth_rce.rb

Update other modules to use java_class_loader_start_service and cmdstager_start_service

2024-06-14 12:57:42 +02:00

microfocus_ucmdb_unauth_deser.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

mirth_connect_cve_2023_43208.rb

Check the response when exploiting

2024-01-29 14:38:49 -05:00

mma_backdoor_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

mobilecartly_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

monitorr_webshell_rce_cve_2020_28871.rb

use target_uri.path in requests

2023-03-22 12:50:11 -05:00

monstra_fileupload_exec.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

moodle_admin_shell_upload.rb

rubocop

2021-10-11 16:23:09 -04:00

moodle_spelling_binary_rce.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

moodle_spelling_path_rce.rb

more libs for moodle and teacher priv esc to rce module

2021-09-04 13:31:11 -04:00

moodle_teacher_enrollment_priv_esc_to_rce.rb

rubocop

2021-10-11 16:23:09 -04:00

movabletype_upgrade_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

mutiny_subnetmask_exec.rb

Removed "ssl_restore = true"

2024-07-26 17:30:25 +02:00

mybb_rce_cve_2022_24734.rb

Fixes from code review

2022-05-30 16:24:18 +02:00

nas4free_php_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

navigate_cms_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

netwin_surgeftp_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

nibbleblog_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

nostromo_code_exec.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

novell_servicedesk_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

nuuo_nvrmini_upgrade_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

october_upload_bypass_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

op5_license.rb

Update broken secunia references

2023-03-23 10:43:57 +00:00

op5_welcome.rb

Update broken secunia references

2023-03-23 10:43:57 +00:00

open_web_analytics_rce.rb

Add DefangedMode to warn the user

2023-03-16 18:07:28 +01:00

openfire_auth_bypass_rce_cve_2023_32315.rb

fixed the invalid character at the store_valid_credential‎ function

2023-07-18 08:38:06 +00:00

openfire_auth_bypass.rb

Adjust files to be better shared

2023-07-14 12:47:04 -05:00

openmrs_deserialization.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

openx_backdoor_php.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

opmanager_socialit_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

opmanager_sumpdu_deserialization.rb

Add a note about exploitable versions

2021-09-16 17:08:23 -04:00

oracle_ats_file_upload.rb

Fix exploit/multi/http/oracle_ats_file_upload

2019-02-25 11:35:34 -06:00

oracle_reports_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

oracle_weblogic_wsat_deserialization_rce.rb

Rename stop_service to cleanup_service for services that use reference counting

2022-03-10 10:28:25 +11:00

orientdb_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

oscommerce_installer_unauth_code_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

pandora_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

papercut_ng_auth_bypass.rb

Removing unnecessary assignment

2023-05-31 19:17:30 +00:00

pentaho_business_server_authbypass_and_ssti.rb

require.js is not the only way, account for this new discovery in code

2023-05-10 13:02:02 -05:00

pgadmin_session_deserialization.rb

Clean up some of the module's documentation

2024-04-16 13:36:21 -04:00

phoenix_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

php_cgi_arg_injection.rb

php_cgi_arg_injection: Fix check regex match to detect code html tag

2023-03-27 15:21:04 +11:00

php_fpm_rce.rb

Update php_fpm_rce.rb

2022-06-03 11:23:53 +03:00

php_utility_belt_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

php_volunteer_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpfilemanager_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpldapadmin_query_engine.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpmailer_arg_injection.rb

Fix a whitespace issue, restore option naming

2022-06-29 12:24:29 -04:00

phpmoadmin_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpmyadmin_3522_backdoor.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpmyadmin_lfi_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

phpmyadmin_null_termination_exec.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

phpmyadmin_preg_replace.rb

reduces code duplication

2023-04-04 10:27:11 +01:00

phpscheduleit_start_date.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpstudy_backdoor_rce.rb

Update rubocop target ruby version

2024-07-24 16:47:17 +01:00

phptax_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

phpwiki_ploticus_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

pimcore_unserialize_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

playsms_filename_exec.rb

Update more modules to use the vars_form_data api

2022-05-11 18:18:21 +01:00

playsms_template_injection.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

playsms_uploadcsv_exec.rb

Update more modules to use the vars_form_data api

2022-05-11 18:18:21 +01:00

plone_popen2.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

pmwiki_pagelist.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

polarcms_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

primefaces_weak_encryption_rce.rb

Standardize capitalization of Java Expression Language

2024-12-06 16:00:58 -08:00

processmaker_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

processmaker_plugin_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

qdpm_authenticated_rce.rb

Modules: Fix Stability/SideEffects/Reliability notes for several modules

2022-10-01 17:54:59 +10:00

qdpm_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_actionpack_inline_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_double_tap.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_dynamic_render_code_exec.rb

Removed "ssl_restore = true"

2024-07-26 17:30:25 +02:00

rails_json_yaml_code_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_secret_deserialization.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_web_console_v2_code_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rails_xml_yaml_code_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

rocket_servergraph_file_requestor_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

rudder_server_sqli_rce.rb

Add a comment explaining why the Windows target is disabled

2023-07-31 15:13:35 +02:00

sflog_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

shiro_rememberme_v124_deserialize.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

shopware_createinstancefromnamedarguments_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

simple_backdoors_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

sit_file_upload.rb

Update broken secunia references

2023-03-23 10:43:57 +00:00

snortreport_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

solarwinds_store_manager_auth_filter.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

solr_velocity_rce.rb

Update other modules to use java_class_loader_start_service and cmdstager_start_service

2024-06-14 12:57:42 +02:00

sonicwall_gms_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

sonicwall_scrutinizer_methoddetail_sqli.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

sonicwall_shell_injection_cve_2023_34124.rb

Resolve PR comments

2023-09-06 14:11:29 -07:00

spip_bigup_unauth_rce.rb

fix(modules): spip_bigup_unauth_rce minor fix

2024-09-11 11:46:52 -04:00

spip_connect_exec.rb

Change version fingerprinting

2024-09-08 07:01:23 +02:00

spip_porte_plume_previsu_rce.rb

Fix bug

2024-09-08 07:54:11 +02:00

spip_rce_form.rb

Change version fingerprinting

2024-09-08 07:01:23 +02:00

splunk_mappy_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

splunk_privilege_escalation_cve_2023_32707.rb

Update rubocop target ruby version

2024-07-24 16:47:17 +01:00

splunk_upload_app_exec.rb

Fix file reads on Windows for binary files

2022-03-21 12:47:39 +00:00

spree_search_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

spree_searchlogic_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

spring_cloud_function_spel_injection.rb

Fix the check method, add docs

2022-03-31 09:01:08 -04:00

spring_framework_rce_spring4shell.rb

Rename the function to emphasize truthy

2022-05-13 09:16:01 -04:00

struts2_code_exec_showcase.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts2_content_type_ognl.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts2_multi_eval_ognl.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

struts2_namespace_ognl.rb

Update all links from Wiki site to new docs site.

2023-01-27 09:58:53 -06:00

struts2_rest_xstream.rb

Fix missing split in struts2_rest_xstream

2019-07-10 11:15:36 -05:00

struts_code_exec_classloader.rb

Update a couple of modules for the new SMB server

2022-05-16 14:39:45 -04:00

struts_code_exec_exception_delegator.rb

exploits: Set tftphost option for modules which use Windows TFTP stager

2022-06-29 19:10:52 +10:00

struts_code_exec_parameters.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts_code_exec.rb

exploits: Set tftphost option for modules which use Windows TFTP stager

2022-06-29 19:10:52 +10:00

struts_default_action_mapper.rb

Removed "ssl_restore = true"

2024-07-26 17:30:25 +02:00

struts_dev_mode.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts_dmi_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts_dmi_rest_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

struts_include_params.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

stunshell_eval.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

stunshell_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

subrion_cms_file_upload_rce.rb

Move module and documentation from linux/http to multi/http

2023-08-02 10:10:27 -04:00

sugarcrm_webshell_cve_2023_22952.rb

added MIME, added break in mixin and added link with installation instructions

2023-03-09 09:28:46 -06:00

sun_jsws_dav_options.rb

Use zeitwerk for lib/msf/core folder

2020-12-07 10:31:45 +00:00

sysaid_auth_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

sysaid_rdslogs_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

testlink_upload_exec.rb

Add Meterpreter compatibility metadata

2021-10-06 13:54:51 +01:00

tomcat_jsp_upload_bypass.rb

Modules: Prefer CVE references over cve.mitre.org URL references

2022-04-19 20:42:23 +00:00

tomcat_mgr_deploy.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

tomcat_mgr_upload.rb

Update more modules to use the vars_form_data api

2022-05-11 18:18:21 +01:00

torchserver_cve_2023_43654.rb

Update other modules to use java_class_loader_start_service and cmdstager_start_service

2024-06-14 12:57:42 +02:00

totaljs_cms_widget_exec.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

traq_plugin_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

trendmicro_threat_discovery_admin_sys_time_cmdi.rb

Removed "ssl_restore = true"

2024-07-26 17:30:25 +02:00

ubiquiti_unifi_log4shell.rb

More redundant cleanup calls

2022-03-11 12:22:27 +11:00

uptime_file_upload_1.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

uptime_file_upload_2.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

v0pcr3w_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

vbseo_proc_deutf.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

vbulletin_getindexablecontent.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

vbulletin_unserialize.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

vbulletin_widget_template_rce.rb

Enforce Style/RedundantBegin for new modules

2021-05-13 04:01:03 +01:00

vbulletin_widgetconfig_rce.rb

Migrate old uses of manual autocheck to use the new prepend autocheck

2021-02-02 10:15:46 +00:00

visual_mining_netcharts_upload.rb

Remove superfluous default_cred? methods

2021-04-07 06:12:25 -05:00

vmware_vcenter_log4shell.rb

Add and use a Log4Shell mixin

2022-02-03 16:09:49 -05:00

vmware_vcenter_uploadova_rce.rb

Update module credits

2021-07-14 15:10:25 -05:00

vtiger_install_rce.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

vtiger_logo_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

vtiger_php_exec.rb

fix URLs not resolving

2022-02-16 17:22:40 -06:00

vtiger_soap_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

weblogic_admin_handle_rce.rb

Improve here doc formatting

2021-07-08 01:19:21 -05:00

webnms_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

webpagetest_upload_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

werkzeug_debug_rce.rb

Update werkzeug_debug_rce.rb

2024-12-08 21:01:17 +00:00

wikka_spam_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

wp_ait_csv_rce.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

wp_automatic_sqli_to_rce.rb

Add suggestions

2024-10-29 20:42:13 +01:00

wp_backup_migration_php_filter.rb

Random parameter generation

2024-08-24 17:27:13 +02:00

wp_bricks_builder_rce.rb

Fix typos

2024-03-26 21:05:35 +01:00

wp_catch_themes_demo_import.rb

string true to bool true

2022-10-03 19:50:04 -04:00

wp_crop_rce.rb

add option in documentation and add notes

2022-10-25 12:22:00 -05:00

wp_db_backup_rce.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

wp_dnd_mul_file_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

wp_file_manager_rce.rb

Add additional reliability and stability notes to modules

2024-01-22 23:29:57 +00:00

wp_givewp_rce.rb

Lint

2024-10-30 16:17:36 -04:00

wp_hash_form_rce.rb

PR-19208: Add DefaultTarget to the info hash

2024-06-05 10:14:48 +02:00

wp_litespeed_cookie_theft.rb

Respond to comments

2024-09-16 09:46:57 -07:00

wp_ninja_forms_unauthenticated_file_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

wp_plugin_backup_guard_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

wp_plugin_elementor_auth_upload_rce.rb

use vars_form_data

2022-10-03 14:43:12 -04:00

wp_plugin_fma_shortcode_unauth_rce.rb

update modules for inclusion into wordpress updater

2024-12-29 17:25:12 -05:00

wp_plugin_modern_events_calendar_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

wp_plugin_sp_project_document_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

wp_popular_posts_rce.rb

string true to bool true

2022-10-03 19:50:04 -04:00

wp_reallysimplessl_2fa_bypass_rce.rb

update modules for inclusion into wordpress updater

2024-12-29 17:25:12 -05:00

wp_responsive_thumbnail_slider_upload.rb

Handle nil versions for rubygems 4

2021-02-25 16:47:49 +00:00

wp_royal_elementor_addons_rce.rb

Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb

2023-11-28 08:15:27 +01:00

wp_simple_file_list_rce.rb

Run Rubocop layout rules on modules

2021-08-27 17:19:43 +01:00

wp_time_capsule_file_upload_rce.rb

Remove potential NoMethodError in fail_with call

2024-12-12 18:04:10 -08:00

wso2_api_manager_file_upload_rce.rb

Enhance: Rollback to register_file_for_cleanup

2024-12-11 11:58:53 +01:00

wso2_file_upload_rce.rb

Rename the function to emphasize truthy

2022-05-13 09:16:01 -04:00

x7chat2_php_exec.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

zabbix_script_exec.rb

Rename the function to emphasize truthy

2022-05-13 09:16:01 -04:00

zemra_panel_rce.rb

fix broken module references

2023-04-01 05:17:02 -07:00

zenworks_configuration_management_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

zenworks_control_center_upload.rb

Convert disclosure dates to iso8601

2020-10-02 21:00:37 +01:00

zpanel_information_disclosure_rce.rb

Use zeitwerk for lib/msf/core folder

2020-12-07 10:31:45 +00:00