metasploit-framework/modules/exploits/linux/http
Jack Heysel 2b90d33aef
Land #18618, Add OpenNMS privesc and auth RCE
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
accellion_fta_getstatus_oauth.rb
advantech_switch_bash_env_exec.rb tests passing 2023-04-04 10:24:09 +01:00
airties_login_cgi_bof.rb
alcatel_omnipcx_mastercgi_exec.rb
alienvault_exec.rb
alienvault_sqli_exec.rb
apache_airflow_dag_rce.rb Move module and documentation from multi/http to linux/http 2023-09-17 22:42:26 +08:00
apache_continuum_cmd_exec.rb
apache_couchdb_cmd_exec.rb Update modules/exploits/linux/http/apache_couchdb_cmd_exec.rb 2023-04-07 09:55:00 +09:00
apache_druid_js_rce.rb
apache_nifi_h2_rce.rb review comments 2023-08-28 17:39:02 -04:00
apache_ofbiz_deserialization.rb fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
apache_ofbiz_deserialization_soap.rb
apache_spark_rce_cve_2022_33891.rb add curl cmd stager flavor 2022-09-07 12:45:13 -05:00
apache_superset_cookie_sig_rce.rb Raise a more specific error message 2023-10-10 15:21:35 -04:00
artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb
astium_sqli_upload.rb
asuswrt_lan_rce.rb
atutor_filemanager_traversal.rb
axis_app_install.rb Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
axis_srv_parhand_rce.rb
belkin_login_bof.rb
bitbucket_git_cmd_injection.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
bludit_upload_images_exec.rb
cacti_unauthenticated_cmd_injection.rb specify command stager flavors 2023-01-23 11:53:19 -06:00
cayin_cms_ntp.rb
centreon_pollers_auth_rce.rb
centreon_sqli_exec.rb
centreon_useralias_exec.rb
cfme_manageiq_evm_upload_exec.rb
chamilo_unauth_rce_cve_2023_34960.rb Final minor updates 2023-08-23 11:38:07 +00:00
cisco_asax_sfr_rce.rb Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup. 2022-09-02 08:44:04 -07:00
cisco_firepower_useradd.rb
cisco_hyperflex_file_upload_rce.rb
cisco_hyperflex_hx_data_platform_cmd_exec.rb
cisco_prime_inf_rce.rb
cisco_rv32x_rce.rb
cisco_rv340_lan.rb Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
cisco_rv_series_authbypass_and_rce.rb
cisco_ucs_cloupia_script_rce.rb
cisco_ucs_rce.rb
control_web_panel_login_cmd_exec.rb Fix a typo 2023-01-25 13:45:18 -05:00
cpi_tararchive_upload.rb
craftcms_unauth_rce_cve_2023_41892.rb Final update to the module based on cdelafuente-r7 comments 2023-12-21 12:06:21 +00:00
crypttech_cryptolog_login_exec.rb
cve_2019_1663_cisco_rmi_rce.rb
dcos_marathon.rb
ddwrt_cgibin_exec.rb
denyall_waf_exec.rb
dlink_authentication_cgi_bof.rb
dlink_command_php_exec_noauth.rb
dlink_dcs931l_upload.rb
dlink_dcs_930l_authenticated_remote_command_execution.rb
dlink_diagnostic_exec_noauth.rb
dlink_dir300_exec_telnet.rb
dlink_dir605l_captcha_bof.rb
dlink_dir615_up_exec.rb
dlink_dir850l_unauth_exec.rb
dlink_dsl2750b_exec_noauth.rb
dlink_dspw110_cookie_noauth_exec.rb
dlink_dspw215_info_cgi_bof.rb
dlink_dwl_2600_command_injection.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
dlink_hedwig_cgi_bof.rb
dlink_hnap_bof.rb
dlink_hnap_header_exec_noauth.rb
dlink_hnap_login_bof.rb
dlink_upnp_exec_noauth.rb
dnalims_admin_exec.rb
docker_daemon_tcp.rb
dolibarr_cmd_exec.rb
dreambox_openpli_shell.rb
efw_chpasswd_exec.rb
elfinder_archive_cmd_injection.rb
empire_skywalker.rb
esva_exec.rb
eyesofnetwork_autodiscovery_rce.rb reduces code duplication 2023-04-04 10:27:11 +01:00
f5_bigip_tmui_rce_cve_2020_5902.rb Rename the other TMUI RCE module 2023-11-01 16:55:42 -04:00
f5_bigip_tmui_rce_cve_2023_46747.rb Fix a stability issue with the module 2023-11-02 17:10:20 -04:00
f5_icall_cmd.rb
f5_icontrol_exec.rb
f5_icontrol_rce.rb Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times. 2022-05-11 16:43:37 -05:00
f5_icontrol_rest_ssrf_rce.rb
f5_icontrol_rpmspec_rce_cve_2022_41800.rb Remove non-functioning Arch'es 2022-11-23 10:42:07 -08:00
f5_icontrol_soap_csrf_rce_cve_2022_41622.rb remove CmdStager inclusion 2022-11-18 16:18:25 -06:00
flir_ax8_unauth_rce_cve_2022_37061.rb updated module with code suggestions space-r7 2022-10-25 16:38:15 +00:00
foreman_openstack_satellite_code_exec.rb
fortinac_keyupload_file_write.rb Correct architecture and do final fixes 2023-03-13 15:46:42 -05:00
fortinet_authentication_bypass_cve_2022_40684.rb Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 2022-10-18 00:51:28 +02:00
fritzbox_echo_exec.rb
froxlor_log_path_rce.rb Check method enhancement 2023-02-24 13:33:10 -05:00
geutebruck_cmdinject_cve_2021_335xx.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
geutebruck_instantrec_bof.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
geutebruck_testaction_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
github_enterprise_secret.rb
gitlist_exec.rb
glinet_unauth_rce_cve_2023_50445.rb Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
glpi_htmlawed_php_injection.rb Add fetch payloads for Windows and Linux x64 2023-05-18 10:47:29 -05:00
goahead_ldpreload.rb
goautodial_3_rce_command_injection.rb
gpsd_format_string.rb
grandstream_gxv31xx_settimezone_unauth_cmd_exec.rb
grandstream_ucm62xx_sendemail_rce.rb
gravcms_exec.rb Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
groundwork_monarch_cmd_exec.rb
h2_webinterface_rce.rb review comments 2023-08-08 17:15:22 -04:00
hadoop_unauth_exec.rb Link Hadoop YARN exploit to documentation 2023-02-15 21:17:26 +01:00
hikvision_cve_2021_36260_blind.rb
hp_system_management.rb
hp_van_sdn_cmd_inject.rb
huawei_hg532n_cmdinject.rb
ibm_drm_rce.rb Add module notes 2023-02-08 15:46:07 +00:00
ibm_qradar_unauth_rce.rb
imperva_securesphere_exec.rb
ipfire_bashbug_exec.rb tests passing 2023-04-04 10:24:09 +01:00
ipfire_oinkcode_exec.rb
ipfire_pakfire_exec.rb
ipfire_proxy_exec.rb
ivanti_connect_secure_rce_cve_2023_46805.rb use get_json_document instead of JSON.parse 2024-01-18 15:35:43 +00:00
ivanti_connect_secure_rce_cve_2024_21893.rb remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
ivanti_csa_unauth_rce_cve_2021_44529.rb Apply fixes per code review 2023-01-17 12:44:22 -06:00
ivanti_sentry_misc_log_service.rb Thanks to Spencer improved execute_command method 2023-09-12 15:14:10 -04:00
jenkins_cli_deserialization.rb
kafka_ui_unauth_rce_cve_2023_52251.rb added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
kaltura_unserialize_cookie_rce.rb
kaltura_unserialize_rce.rb
kibana_timelion_prototype_pollution_rce.rb review comments 2023-09-01 20:34:35 -04:00
kibana_upgrade_assistant_telemetry_rce.rb kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
klog_server_authenticate_user_unauth_command_injection.rb
kloxo_sqli.rb
lexmark_faxtrace_settings.rb rubocop 2023-09-06 15:47:54 -04:00
librenms_addhost_cmd_inject.rb
librenms_collectd_cmd_inject.rb
lifesize_uvc_ping_rce.rb
linear_emerge_unauth_rce_cve_2019_7256.rb Fix up missing option in documentation and also add some additional validation on server response. 2023-01-04 17:02:05 -06:00
linksys_apply_cgi.rb
linksys_e1500_apply_exec.rb
linksys_themoon_exec.rb
linksys_wrt54gl_apply_exec.rb
linksys_wrt110_cmd_exec.rb
linksys_wrt160nv2_apply_exec.rb
linksys_wvbr0_user_agent_exec_noauth.rb
linuxki_rce.rb Add module notes 2023-02-08 15:46:07 +00:00
logsign_exec.rb
lucee_admin_imgprocess_file_write.rb
magnusbilling_unauth_rce_cve_2023_30258.rb third release module with minor text changes 2023-10-31 09:29:13 +00:00
mailcleaner_exec.rb
majordomo_cmd_inject_cve_2023_50917.rb Add suggested changes 2023-12-22 00:04:54 +01:00
metabase_setup_token_rce.rb review comments 2023-08-08 17:16:57 -04:00
microfocus_obr_cmd_injection.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
microfocus_secure_messaging_gateway.rb
mida_solutions_eframework_ajaxreq_rce.rb
mobileiron_core_log4shell.rb Remove superfluous code and add extra check 2022-08-02 11:04:13 -05:00
mobileiron_mdm_hessian_rce.rb
multi_ncc_ping_exec.rb
mutiny_frontend_upload.rb
mvpower_dvr_shell_exec.rb
nagios_xi_autodiscovery_webshell.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_chained_rce.rb Update form data api defaults 2022-05-10 14:12:17 +01:00
nagios_xi_chained_rce_2_electric_boogaloo.rb
nagios_xi_configwizards_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_magpie_debug.rb
nagios_xi_mibs_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_plugins_check_plugin_authenticated_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
nagios_xi_plugins_filename_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_snmptrap_authenticated_rce.rb
netgear_dgn1000_setup_unauth_exec.rb
netgear_dgn1000b_setup_exec.rb
netgear_dgn2200b_pppoe_exec.rb
netgear_dnslookup_cmd_exec.rb
netgear_r7000_cgibin_exec.rb
netgear_readynas_exec.rb
netgear_unauth_exec.rb
netgear_wnr2000_rce.rb
netsweeper_webadmin_unixlogin.rb
nexus_repo_manager_el_injection.rb
nginx_chunked_size.rb
nuuo_nvrmini_auth_rce.rb
nuuo_nvrmini_unauth_rce.rb
op5_config_exec.rb
openfiler_networkcard_exec.rb
opennms_horizon_authenticated_rce.rb rubocop 2024-03-20 11:39:19 -07:00
opentsdb_key_cmd_injection.rb add opentsdb_key_cmd_injection exploit module 2023-09-07 17:29:16 +03:00
opentsdb_yrange_cmd_injection.rb Make rubocop happy 2022-12-23 13:38:16 +01:00
optergy_bms_backdoor_rce_cve_2019_7276.rb updated module and documentation with SUDO option 2023-03-26 18:31:25 +00:00
oracle_ebs_rce_cve_2022_21587.rb Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587 2023-02-21 18:02:10 +00:00
pandora_fms_events_exec.rb Add module notes 2023-02-08 15:46:07 +00:00
pandora_fms_exec.rb
pandora_fms_sqli.rb
pandora_ping_cmd_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
panos_op_cmd_exec.rb string true to bool true 2022-10-03 19:50:04 -04:00
panos_readsessionvars.rb
peercast_url.rb
php_imap_open_rce.rb
pineapp_ldapsyncnow_exec.rb
pineapp_livelog_exec.rb
pineapp_test_li_conn_exec.rb
pineapple_bypass_cmdinject.rb
pineapple_preconfig_cmdinject.rb
piranha_passwd_exec.rb
pulse_secure_cmd_exec.rb
pulse_secure_gzip_rce.rb
pyload_js2py_exec.rb Add module docs 2023-02-15 16:29:42 -05:00
qnap_qcenter_change_passwd_exec.rb
qnap_qts_rce_cve_2023_47218.rb Docs plus minor edits 2024-02-15 17:12:11 -05:00
raidsonic_nas_ib5220_exec_noauth.rb
railo_cfml_rfi.rb
rancher_server.rb
rconfig_ajaxarchivefiles_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
rconfig_vendors_auth_file_upload_rce.rb
realtek_miniigd_upnp_exec_noauth.rb
riverbed_netprofiler_netexpress_exec.rb
roxy_wi_exec.rb Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments 2022-07-25 13:05:04 -05:00
saltstack_salt_api_cmd_exec.rb
saltstack_salt_wheel_async_rce.rb
samsung_srv_1670d_upload_exec.rb
seagate_nas_php_exec_noauth.rb
smt_ipmi_close_window_bof.rb
solarview_unauth_rce_cve_2023_23333.rb Apply grammatical suggestions from code review 2023-09-05 17:06:01 -04:00
sonicwall_cve_2021_20039.rb
sophos_utm_webadmin_sid_cmd_injection.rb
sophos_wpa_iface_exec.rb
sophos_wpa_sblistpack_exec.rb
sourcegraph_gitserver_sshcmd.rb Use a more reliable check method 2022-07-11 09:48:08 -04:00
spark_unauth_rce.rb
spring_cloud_gateway_rce.rb Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
suitecrm_log_file_rce.rb
supervisor_xmlrpc_exec.rb
symantec_messaging_gateway_exec.rb
symantec_web_gateway_exec.rb
symantec_web_gateway_file_upload.rb
symantec_web_gateway_lfi.rb
symantec_web_gateway_pbcontrol.rb
symantec_web_gateway_restore.rb
symmetricom_syncserver_rce.rb add exploit rank 2023-06-13 17:05:30 -05:00
synology_dsm_sliceupload_exec_noauth.rb
synology_dsm_smart_exec_auth.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
terramaster_unauth_rce_cve_2020_35665.rb Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
terramaster_unauth_rce_cve_2021_45837.rb Latest updates based on reviewers comments 2023-06-08 21:25:40 +00:00
terramaster_unauth_rce_cve_2022_24990.rb Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
tiki_calendar_exec.rb
totolink_unauth_rce_cve_2023_30013.rb Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
tp_link_ncxxx_bonjour_command_injection.rb
tp_link_sc2020n_authenticated_telnet_injection.rb
tr064_ntpserver_cmdinject.rb
trend_micro_imsva_exec.rb
trendmicro_imsva_widget_exec.rb
trendmicro_sps_exec.rb
trendmicro_websecurity_exec.rb
trueonline_billion_5200w_rce.rb
trueonline_p660hn_v1_rce.rb
trueonline_p660hn_v2_rce.rb
ubiquiti_airos_file_upload.rb
ueb_api_rce.rb
unraid_auth_bypass_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
vap2500_tools_command_exec.rb
vcms_upload.rb
vestacp_exec.rb
vinchin_backup_recovery_cmd_inject.rb Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb 2023-11-28 08:10:56 +01:00
vmware_nsxmgr_xstream_rce_cve_2021_39144.rb addressed code improvement suggestions 2022-11-12 10:21:43 +00:00
vmware_vcenter_analytics_file_upload.rb
vmware_vcenter_vsan_health_rce.rb
vmware_view_planner_4_6_uploadlog_rce.rb
vmware_vrli_rce.rb Replace the binray blobs 2023-09-12 12:21:10 -04:00
vmware_vrni_rce_cve_2023_20887.rb Rubocop fixes 2023-07-20 16:40:28 -04:00
vmware_vrops_mgr_ssrf_rce.rb
vmware_workspace_one_access_cve_2022_22954.rb Deregister VHOST 2022-05-03 11:52:50 -05:00
vmware_workspace_one_access_vmsa_2022_0011_chain.rb Added missing require builder statement 2023-04-18 18:10:46 -04:00
wanem_exec.rb
wd_mycloud_multiupload_upload.rb
wd_mycloud_unauthenticated_cmd_injection.rb code review fixes for wd_mycloud_unauthenticated_cmd_injection 2023-07-27 23:09:50 +03:00
webcalendar_settings_exec.rb
webid_converter.rb
webmin_backdoor.rb
webmin_file_manager_rce.rb Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
webmin_package_updates_rce.rb Fix from code review 2022-08-09 15:09:25 +02:00
webmin_packageup_rce.rb
wepresent_cmd_injection.rb
wipg1000_cmd_injection.rb
xplico_exec.rb
zabbix_sqli.rb
zen_load_balancer_exec.rb
zenoss_showdaemonxmlconfig_exec.rb
zimbra_cpio_cve_2022_41352.rb Fix an issue where the session handler would close too early on Zimbra modules 2022-11-23 13:09:47 -08:00
zimbra_mboximport_cve_2022_27925.rb Add in changes from review 2022-08-23 11:44:03 -05:00
zimbra_unrar_cve_2022_30333.rb Remove unecessary return statement 2022-12-06 15:07:28 +01:00
zimbra_xxe_rce.rb
zyxel_lfi_unauth_ssh_rce.rb Updates based on cdelafuente-r7 latest comments 2023-05-10 07:46:11 +00:00
zyxel_ztp_rce.rb Add in edits from review 2022-05-13 15:32:12 -05:00