adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ffb681cb79b20d6eb44e2a8f4fcd9e8dd67b2b2f
metasploit-gs/modules/exploits/unix/webapp
T
History
William Vu 12d4ad68e3 Fix things in ThinkPHP and ManageEngine exploits 
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.

CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
2020-05-20 22:47:03 -05:00
..
actualanalyzer_ant_cookie_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
ajenti_auth_username_cmd_injection.rb
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
arkeia_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
awstats_configdir_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
awstats_migrate_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
awstatstotals_multisort.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
barracuda_img_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
base_qry_common.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
basilic_diff_exec.rb
Update CVE references for exploit modules
2018-07-08 18:46:04 -05:00
cacti_graphimage_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cakephp_cache_corruption.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
carberp_backdoor_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
citrix_access_gateway_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
clipbucket_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
coppermine_piceditor.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
datalife_preview_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dogfood_spell_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
drupal_coder_exec.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
drupal_drupalgeddon2.rb
Update logic for ForceExploit in my modules
2020-02-19 01:06:50 -06:00
drupal_restws_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
drupal_restws_unserialize.rb
Update logic for ForceExploit in my modules
2020-02-19 01:06:50 -06:00
egallery_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
elfinder_php_connector_exiftran_cmd_injection.rb
Update tested versions
2019-03-09 04:41:51 +00:00
flashchat_upload_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
foswiki_maketext.rb
Update false negatives on post auth information
2018-08-20 15:43:07 -05:00
freepbx_config_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
fusionpbx_exec_cmd_exec.rb
Add FusionPBX Command exec.php Command Execution
2019-11-01 23:38:51 +00:00
fusionpbx_operator_panel_exec_cmd_exec.rb
Use bg_system API command
2019-11-01 22:17:26 +00:00
generic_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
get_simple_cms_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
google_proxystylesheet_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
graphite_pickle_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
guestbook_ssi_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
hastymail_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
havalite_upload_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
horde_unserialize_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hybridauth_install_php_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
instantcms_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
invision_pboard_unserialize_exec.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
joomla_akeeba_unserialize.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
joomla_comfields_sqli_rce.rb
Update documentation and module
2018-03-28 10:57:28 -05:00
joomla_comjce_imgmanager.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
joomla_contenthistory_sqli_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
joomla_media_upload_exec.rb
This fixes broken links to the community.rapid7.com blog
2020-02-18 09:06:11 -06:00
joomla_tinybrowser.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
jquery_file_upload.rb
Update my modules
2019-06-24 13:38:14 -05:00
kimai_sqli.rb
revisionism
2019-01-10 19:19:14 +00:00
libretto_upload_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
maarch_letterbox_file_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
mambo_cache_lite.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mitel_awc_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
moinmoin_twikidraw.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
mybb_backdoor.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nagios3_history_cgi.rb
Update false negatives on post auth information
2018-08-20 15:43:07 -05:00
nagios3_statuswml_ping.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nagios_graph_explorer.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
narcissus_backend_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
open_flash_chart_upload_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
openemr_sqli_privesc_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openemr_upload_exec.rb
Update CVE references for exploit modules
2018-07-08 18:46:04 -05:00
opennetadmin_ping_cmd_injection.rb
Fix indentation issue
2020-02-21 15:47:32 +01:00
opensis_modname_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
openview_connectednodes_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openx_banner_edit.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
oracle_vm_agent_utl.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
oscommerce_filemanager.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pajax_remote_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_charts_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
php_eval.rb
Land #8698, Add HEADERS to php_eval module
2017-08-14 09:54:22 -04:00
php_include.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_vbulletin_template.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_xmlrpc_eval.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
phpbb_highlight.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
phpcollab_upload_exec.rb
Update phpcollab_upload_exec code (also module documentation)
2018-01-10 17:38:52 -06:00
phpmyadmin_config.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
piwik_superuser_plugin_upload.rb
Oops I made boo-boos
2018-08-21 08:53:43 -05:00
projectpier_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
projectsend_upload_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
qtss_parse_xml_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
rconfig_install_cmd_exec.rb
Update targets
2019-11-01 20:33:23 +00:00
redmine_scm_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
seportal_sqli_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
simple_e_document_upload_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
sixapart_movabletype_storable_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
skybluecanvas_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sphpblog_file_upload.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
spip_connect_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
squash_yaml_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
squirrelmail_pgp_plugin.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sugarcrm_rest_unserialize_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sugarcrm_unserialize_exec.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
thinkphp_rce.rb
Fix things in ThinkPHP and ManageEngine exploits
2020-05-20 22:47:03 -05:00
tikiwiki_graph_formula_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tikiwiki_jhot_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tikiwiki_unserialize_exec.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
tikiwiki_upload_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
trixbox_ce_endpoint_devicemap_rce.rb
Trixbox CE <= v2.8.0.4 Authenticated RCE
2020-05-04 15:58:38 -05:00
trixbox_langchoice.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tuleap_rest_unserialize_exec.rb
Fix global var $is_check (make ivar @is_check)
2017-12-18 03:15:33 -06:00
tuleap_unserialize_exec.rb
Remove OSVDB reference
2017-12-20 13:10:42 +01:00
twiki_history.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
twiki_maketext.rb
Update false negatives on post auth information
2018-08-20 15:43:07 -05:00
twiki_search.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vbulletin_vote_sqli_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vicidial_manager_send_cmd_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
vicidial_user_authorization_unauth_cmd_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
webmin_show_cgi_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
webmin_upload_exec.rb
Add webmin CVE
2019-03-21 11:28:45 -05:00
webtester_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
wp_admin_shell_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
wp_advanced_custom_fields_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_ajax_load_more_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_asset_manager_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_creativecontactform_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_downloadmanager_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_easycart_unrestricted_file_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
wp_foxypress_upload.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
wp_frontend_editor_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_google_document_embedder_exec.rb
Minor tweaks...
2017-09-08 10:04:47 -05:00
wp_holding_pattern_file_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
wp_inboundio_marketing_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_infinitewp_auth_bypass.rb
Punctuate check prints to match CheckCodes
2020-04-15 15:47:50 -05:00
wp_infusionsoft_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_lastpost_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_mobile_detector_upload_execute.rb
Fix #9109, HttpServer (TcpServer) backgrounding
2017-11-01 13:35:04 -05:00
wp_nmediawebsite_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_optimizepress_upload.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
wp_photo_gallery_unrestricted_file_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
wp_phpmailer_host_header.rb
Consolidate CmdStager flavors to symbols
2020-04-15 15:47:51 -05:00
wp_pixabay_images_upload.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
wp_plainview_activity_monitor_rce.rb
Remove executable flags from exploit files
2020-02-26 10:39:50 +00:00
wp_platform_exec.rb
55 pages of spelling done
2017-09-07 21:18:50 -04:00
wp_property_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_reflexgallery_file_upload.rb
Update CVE references for exploit modules
2018-07-08 18:46:04 -05:00
wp_revslider_upload_execute.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
wp_slideshowgallery_upload.rb
Update wp_slideshowgallery_upload.rb
2017-12-12 00:33:28 -05:00
wp_symposium_shell_upload.rb
Fix outdated metadata
2018-10-01 18:59:09 +01:00
wp_total_cache_exec.rb
Update false negatives on post auth information
2018-08-20 16:05:58 -05:00
wp_worktheflow_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_wpshop_ecommerce_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wp_wptouch_file_upload.rb
Minor tweaks...
2017-09-08 10:04:47 -05:00
wp_wysija_newsletters_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
xoda_file_upload.rb
Set needs_cleanup flag for exploits that need it
2019-08-02 10:23:53 -05:00
xymon_useradm_cmd_exec.rb
Add Xymon useradm Command Execution module
2019-07-02 14:04:07 +00:00
zeroshell_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
zimbra_lfi.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
zoneminder_packagecontrol_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
zpanel_username_exec.rb
35 pages of spelling done
2017-09-08 22:19:55 -04:00