dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/modules/exploits/multi/http
History
Christophe De La Fuente 44c5422e07
Land #18922, JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198) 		2024-03-13 20:16:27 +01:00
..
activecollab_chat.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
adobe_coldfusion_rce_cve_2023_26360.rb bug fix for issue 18237. ColdFusion configured with a Development profile behaves slightly differently than ColdFusion deployed in a Production profile, so we need to test for some different return values during exploitation. 2023-08-08 14:47:14 +01:00
agent_tesla_panel_rce.rb Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
ajaxplorer_checkinstall_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
apache_activemq_upload_jsp.rb Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall 2021-06-14 15:02:38 -05:00
apache_apisix_api_default_token_rce.rb Improve some error handling 2022-03-21 15:22:00 -04:00
apache_commons_text4shell.rb Add suggested changes 2024-01-05 22:31:51 +05:30
apache_couchdb_erlang_rce.rb Fixed powershell taget 2022-11-01 10:55:50 -05:00
apache_druid_cve_2023_25194.rb Apply suggestions from code review 2023-06-23 09:36:50 +02:00
apache_flink_jar_upload_exec.rb Update more modules to use the vars_form_data api 2022-05-11 18:18:21 +01:00
apache_jetspeed_file_upload.rb Fix exploit/multi/http/apache_jetspeed_file_upload 2019-02-25 11:32:06 -06:00
apache_mod_cgi_bash_env_exec.rb tests passing 2023-04-04 10:24:09 +01:00
apache_nifi_processor_rce.rb review comments 2023-08-28 17:39:02 -04:00
apache_normalize_path_rce.rb update modules and docs 2021-10-10 17:01:15 +04:00
apache_rocketmq_update_config.rb Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
apache_roller_ognl_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
apprain_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
atlassian_confluence_namespace_ognl_injection.rb Keep version detection consistent 2024-01-25 13:50:34 -05:00
atlassian_confluence_rce_cve_2023_22515.rb set :random to true during generate_jar so we can randomize teh metasploit class path 2023-10-18 09:53:46 +01:00
atlassian_confluence_rce_cve_2023_22527.rb Keep version detection consistent 2024-01-25 13:50:34 -05:00
atlassian_confluence_unauth_backup.rb Check method improvement 2023-12-14 12:42:23 -05:00
atlassian_confluence_webwork_ognl_injection.rb Add Windows support to CVE-2021-26084 exploit 2021-10-14 16:58:04 -05:00
atlassian_crowd_pdkinstall_plugin_upload_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
atutor_sqli.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
atutor_upload_traversal.rb Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
auxilium_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
axis2_deployer.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
baldr_upload_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
bassmaster_js_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
bitbucket_env_var_rce.rb address review comments 2023-03-15 11:18:03 -05:00
bolt_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
builderengine_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cacti_pollers_sqli_rce.rb Fix typos 2024-02-02 11:45:51 +01:00
caidao_php_backdoor_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
churchinfo_upload_exec.rb tests passing 2023-04-04 10:24:09 +01:00
cisco_dcnm_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cisco_dcnm_upload_2019.rb fix cisco advisory links 2022-01-13 18:55:39 +00:00
clipbucket_fileupload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cmsms_object_injection_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
cmsms_showtime2_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
cmsms_upload_rename_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
cockpit_cms_rce.rb Ensure identify hashes helper is accessible to modules 2023-04-12 13:28:56 +01:00
coldfusion_ckeditor_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
coldfusion_rds_auth_bypass.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
confluence_widget_connector.rb linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil 2022-07-01 08:43:47 -04:00
connectwise_screenconnect_rce_cve_2024_1709.rb use the Faker module to gen the plugins metadata. 2024-02-23 17:48:01 +00:00
cups_bash_env_exec.rb tests passing 2023-04-04 10:24:09 +01:00
cuteflow_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cve_2021_35464_forgerock_openam.rb Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
cve_2023_38836_boidcms.rb Updates based on jheysel-r7's suggestions 2024-02-29 12:42:22 -06:00
dexter_casinoloader_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dotcms_file_upload_rce.rb Update modules/exploits/multi/http/dotcms_file_upload_rce.rb 2022-06-01 10:54:02 -04:00
drupal_drupageddon.rb tests passing 2023-04-04 10:24:09 +01:00
eaton_nsm_code_exec.rb Update broken secunia references 2023-03-23 10:43:57 +00:00
eventlog_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
extplorer_upload_exec.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
familycms_less_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
fortra_goanywhere_mft_rce_cve_2024_0204.rb store the credentials we create in the DB 2024-02-01 19:48:01 +00:00
fortra_goanywhere_rce_cve_2023_0669.rb Update fortra_goanywhere_rce_cve_2023_0669.rb 2023-02-09 23:06:59 +01:00
freenas_exec_raw.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
gestioip_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
getsimplecms_unauth_code_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
git_client_command_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
git_lfs_clone_command_exec.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
git_submodule_command_exec.rb change modules to use hash in build_commit_object 2021-08-12 10:18:13 -05:00
git_submodule_url_exec.rb add notes to updated modules 2021-08-12 10:18:13 -05:00
gitea_git_fetch_rce.rb Add comment for details about the string substitutions on Windows 2022-11-17 12:25:52 +01:00
gitea_git_hooks_rce.rb Update gitea git hooks rce check method 2021-10-01 01:11:11 +01:00
gitlab_exif_rce.rb Changed qx delimiter to # and added it to badchars. Defaulted to a staged payload 2021-11-03 10:51:37 -07:00
gitlab_file_read_rce.rb Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
gitlab_github_import_rce_cve_2022_2992.rb Fix exception handler & add doc 2023-06-06 17:43:22 +02:00
gitlab_shell_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
gitlist_arg_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
gitorious_graph.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
glassfish_deployer.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
glossword_upload_exec.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
glpi_install_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
gogs_git_hooks_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
horde_csv_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
horde_form_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
horde_href_backdoor.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
horizontcms_upload_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
hp_sitescope_issuesiebelcmd.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
hp_sitescope_uploadfileshandler.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
hp_sys_mgmt_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
hyperic_hq_script_console.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ibm_openadmin_tool_soap_welcomeserver_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ispconfig_php_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
jboss_bshdeployer.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
jboss_deploymentfilerepository.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
jboss_invoke_deploy.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
jboss_maindeployer.rb Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
jboss_seam_upload_exec.rb Zeitwerk `rex` folder 2021-02-08 12:24:12 +00:00
jenkins_metaprogramming.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
jenkins_script_console.rb adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
jenkins_xstream_deserialize.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
jetbrains_teamcity_rce_cve_2023_42793.rb Minor code changes 2023-09-28 13:19:26 -04:00
jetbrains_teamcity_rce_cve_2024_27198.rb reduce the size of teh exploit method by spinngin out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless 2024-03-13 09:58:51 +00:00
jira_hipchat_template.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
jira_plugin_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
joomla_http_header_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
kong_gateway_admin_api_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
kordil_edms_upload_exec.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
lcms_php_exec.rb Update broken secunia references 2023-03-23 10:43:57 +00:00
liferay_java_unmarshalling.rb Backport miscellaneous fixes to my modules 2020-08-14 13:40:23 -05:00
log1cms_ajax_create_folder.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
log4shell_header_injection.rb prevent .keys call on nil in log4shell_header_injection 2022-12-15 12:51:30 +02:00
lucee_scheduled_job.rb Use coldfusion to decode base64 data 2023-02-28 17:32:56 -05:00
magento_unserialize.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
makoserver_cmd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
manage_engine_dc_pmp_sqli.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb Fix CVE 2023-01-30 12:18:08 +01:00
manageengine_auth_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
manageengine_sd_uploader.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
manageengine_search_sqli.rb Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb Set Java target default paylaod to `java/meterpreter/reverse_tcp` 2024-03-04 20:33:27 +01:00
mantisbt_manage_proj_page_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
mantisbt_php_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
maracms_upload_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
mediawiki_syntaxhighlight.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
mediawiki_thumb.rb Fix file reads on Windows for binary files 2022-03-21 12:47:39 +00:00
metasploit_static_secret_key_base.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
metasploit_webui_console_command_execution.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
microfocus_obm_auth_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
microfocus_ucmdb_unauth_deser.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
mirth_connect_cve_2023_43208.rb Check the response when exploiting 2024-01-29 14:38:49 -05:00
mma_backdoor_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
mobilecartly_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
monitorr_webshell_rce_cve_2020_28871.rb use target_uri.path in requests 2023-03-22 12:50:11 -05:00
monstra_fileupload_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
moodle_admin_shell_upload.rb rubocop 2021-10-11 16:23:09 -04:00
moodle_spelling_binary_rce.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
moodle_spelling_path_rce.rb more libs for moodle and teacher priv esc to rce module 2021-09-04 13:31:11 -04:00
moodle_teacher_enrollment_priv_esc_to_rce.rb rubocop 2021-10-11 16:23:09 -04:00
movabletype_upgrade_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
mutiny_subnetmask_exec.rb Removed redundant cleanup calls which exploit_driver will call anyway 2022-03-11 12:08:51 +11:00
mybb_rce_cve_2022_24734.rb Fixes from code review 2022-05-30 16:24:18 +02:00
nas4free_php_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
navigate_cms_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netwin_surgeftp_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
nibbleblog_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
nostromo_code_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
novell_servicedesk_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
nuuo_nvrmini_upgrade_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
october_upload_bypass_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
op5_license.rb Update broken secunia references 2023-03-23 10:43:57 +00:00
op5_welcome.rb Update broken secunia references 2023-03-23 10:43:57 +00:00
open_web_analytics_rce.rb Add DefangedMode to warn the user 2023-03-16 18:07:28 +01:00
openfire_auth_bypass.rb Adjust files to be better shared 2023-07-14 12:47:04 -05:00
openfire_auth_bypass_rce_cve_2023_32315.rb fixed the invalid character at the store_valid_credential‎ function 2023-07-18 08:38:06 +00:00
openmediavault_cmd_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
openmrs_deserialization.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
openx_backdoor_php.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
opmanager_socialit_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
opmanager_sumpdu_deserialization.rb Add a note about exploitable versions 2021-09-16 17:08:23 -04:00
oracle_ats_file_upload.rb Fix exploit/multi/http/oracle_ats_file_upload 2019-02-25 11:35:34 -06:00
oracle_reports_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
oracle_weblogic_wsat_deserialization_rce.rb Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
orientdb_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
oscommerce_installer_unauth_code_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pandora_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
papercut_ng_auth_bypass.rb Removing unnecessary assignment 2023-05-31 19:17:30 +00:00
pentaho_business_server_authbypass_and_ssti.rb require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
phoenix_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
php_cgi_arg_injection.rb php_cgi_arg_injection: Fix check regex match to detect code html tag 2023-03-27 15:21:04 +11:00
php_fpm_rce.rb Update php_fpm_rce.rb 2022-06-03 11:23:53 +03:00
php_utility_belt_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
php_volunteer_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpfilemanager_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpldapadmin_query_engine.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpmailer_arg_injection.rb Fix a whitespace issue, restore option naming 2022-06-29 12:24:29 -04:00
phpmoadmin_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpmyadmin_3522_backdoor.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpmyadmin_lfi_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
phpmyadmin_null_termination_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
phpmyadmin_preg_replace.rb reduces code duplication 2023-04-04 10:27:11 +01:00
phpscheduleit_start_date.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpstudy_backdoor_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
phptax_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
phpwiki_ploticus_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pimcore_unserialize_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
playsms_filename_exec.rb Update more modules to use the vars_form_data api 2022-05-11 18:18:21 +01:00
playsms_template_injection.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
playsms_uploadcsv_exec.rb Update more modules to use the vars_form_data api 2022-05-11 18:18:21 +01:00
plone_popen2.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pmwiki_pagelist.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
polarcms_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
processmaker_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
processmaker_plugin_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
qdpm_authenticated_rce.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
qdpm_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_actionpack_inline_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_double_tap.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_dynamic_render_code_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_json_yaml_code_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_secret_deserialization.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_web_console_v2_code_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rails_xml_yaml_code_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
rocket_servergraph_file_requestor_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rudder_server_sqli_rce.rb Add a comment explaining why the Windows target is disabled 2023-07-31 15:13:35 +02:00
sflog_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
shiro_rememberme_v124_deserialize.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
shopware_createinstancefromnamedarguments_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
simple_backdoors_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sit_file_upload.rb Update broken secunia references 2023-03-23 10:43:57 +00:00
snortreport_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
solarwinds_store_manager_auth_filter.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
solr_velocity_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
sonicwall_gms_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sonicwall_scrutinizer_methoddetail_sqli.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sonicwall_shell_injection_cve_2023_34124.rb Resolve PR comments 2023-09-06 14:11:29 -07:00
splunk_mappy_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
splunk_privilege_escalation_cve_2023_32707.rb Update splunk cve-2023-32707 to use reviewed changes 2024-02-22 17:13:44 +05:30
splunk_upload_app_exec.rb Fix file reads on Windows for binary files 2022-03-21 12:47:39 +00:00
spree_search_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
spree_searchlogic_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
spring_cloud_function_spel_injection.rb Fix the check method, add docs 2022-03-31 09:01:08 -04:00
spring_framework_rce_spring4shell.rb Rename the function to emphasize truthy 2022-05-13 09:16:01 -04:00
struts2_code_exec_showcase.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts2_content_type_ognl.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts2_multi_eval_ognl.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
struts2_namespace_ognl.rb Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
struts2_rest_xstream.rb Fix missing split in struts2_rest_xstream 2019-07-10 11:15:36 -05:00
struts_code_exec.rb exploits: Set tftphost option for modules which use Windows TFTP stager 2022-06-29 19:10:52 +10:00
struts_code_exec_classloader.rb Update a couple of modules for the new SMB server 2022-05-16 14:39:45 -04:00
struts_code_exec_exception_delegator.rb exploits: Set tftphost option for modules which use Windows TFTP stager 2022-06-29 19:10:52 +10:00
struts_code_exec_parameters.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts_default_action_mapper.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
struts_dev_mode.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts_dmi_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts_dmi_rest_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
struts_include_params.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
stunshell_eval.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
stunshell_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
subrion_cms_file_upload_rce.rb Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
sugarcrm_webshell_cve_2023_22952.rb added MIME, added break in mixin and added link with installation instructions 2023-03-09 09:28:46 -06:00
sun_jsws_dav_options.rb Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
sysaid_auth_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sysaid_rdslogs_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
testlink_upload_exec.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
tomcat_jsp_upload_bypass.rb Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
tomcat_mgr_deploy.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
tomcat_mgr_upload.rb Update more modules to use the vars_form_data api 2022-05-11 18:18:21 +01:00
torchserver_cve_2023_43654.rb Address comments from the review 2023-10-12 09:50:19 -04:00
totaljs_cms_widget_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
traq_plugin_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
trendmicro_threat_discovery_admin_sys_time_cmdi.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ubiquiti_unifi_log4shell.rb More redundant cleanup calls 2022-03-11 12:22:27 +11:00
uptime_file_upload_1.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
uptime_file_upload_2.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
v0pcr3w_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vbseo_proc_deutf.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vbulletin_getindexablecontent.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
vbulletin_unserialize.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vbulletin_widget_template_rce.rb Enforce Style/RedundantBegin for new modules 2021-05-13 04:01:03 +01:00
vbulletin_widgetconfig_rce.rb Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
visual_mining_netcharts_upload.rb Remove superfluous `default_cred?` methods 2021-04-07 06:12:25 -05:00
vmware_vcenter_log4shell.rb Add and use a Log4Shell mixin 2022-02-03 16:09:49 -05:00
vmware_vcenter_uploadova_rce.rb Update module credits 2021-07-14 15:10:25 -05:00
vtiger_install_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vtiger_logo_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vtiger_php_exec.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
vtiger_soap_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
weblogic_admin_handle_rce.rb Improve here doc formatting 2021-07-08 01:19:21 -05:00
webnms_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
webpagetest_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
werkzeug_debug_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wikka_spam_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wp_ait_csv_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
wp_backup_migration_php_filter.rb Revert "Changed payload double quote to single" 2024-01-16 14:49:22 -05:00
wp_catch_themes_demo_import.rb string true to bool true 2022-10-03 19:50:04 -04:00
wp_crop_rce.rb add option in documentation and add notes 2022-10-25 12:22:00 -05:00
wp_db_backup_rce.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
wp_dnd_mul_file_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
wp_file_manager_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
wp_ninja_forms_unauthenticated_file_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wp_plugin_backup_guard_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
wp_plugin_elementor_auth_upload_rce.rb use vars_form_data 2022-10-03 14:43:12 -04:00
wp_plugin_fma_shortcode_unauth_rce.rb removed powershell mixin 2023-07-25 14:06:45 +01:00
wp_plugin_modern_events_calendar_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
wp_plugin_sp_project_document_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
wp_popular_posts_rce.rb string true to bool true 2022-10-03 19:50:04 -04:00
wp_responsive_thumbnail_slider_upload.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
wp_royal_elementor_addons_rce.rb Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb 2023-11-28 08:15:27 +01:00
wp_simple_file_list_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
wso2_file_upload_rce.rb Rename the function to emphasize truthy 2022-05-13 09:16:01 -04:00
x7chat2_php_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zabbix_script_exec.rb Rename the function to emphasize truthy 2022-05-13 09:16:01 -04:00
zemra_panel_rce.rb fix broken module references 2023-04-01 05:17:02 -07:00
zenworks_configuration_management_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zenworks_control_center_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zpanel_information_disclosure_rce.rb Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00