WordPress Download Manager Unauthenticated File Upload

16 dicembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(
    info,
    'Name'           => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload',
    'Description'    => %q{
      The WordPress download-manager plugin contains multiple unauthenticated file upload
      vulnerabilities which were fixed in version 2.7.5.
    },
    'Author'         =>
    [
      'Mickael Nadeau',    ...

Leggi il seguito »

Pandora FMS SQL Injection Remote Code Execution

26 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Pandora FMS SQLi Remote Code Execution',
      'Description'    => %q{
        This module attempts to exploit multiple issues in order to gain remote
        code execution under Pandora FMS version <= 5.0 SP2.  First, an attempt
        to authenticate using default credentials is performed.  If this method
...

Leggi il seguito »

Samsung Galaxy KNOX Android Browser Remote Code Execution

18 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'digest/md5'
 
class Metasploit3 < Msf::Exploit::Remote
 
  include Msf::Exploit::Remote::BrowserExploitServer
 
  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads
 
  def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Samsung Galaxy KNOX Android Browser RCE',
      'Description'         => %q{
        A vulnerability exists in the KNOX security component of the Samsung Galaxy
        firmware that allows...

Leggi il seguito »

Xerox Multifunction Printers (MFP) “Patch” DLM Escalation

3 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
 
  Rank = GoodRanking
  include Msf::Exploit::Remote::Tcp
 
  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability',
      'Description'     => %{
        This module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By
        supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary
        commands under root priviages.
      },
      'Author'     ...

Leggi il seguito »

Centreon SQL / Command Injection

24 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Centreon SQL and Command Injection',
      'Description'    => %q{
        This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon
        Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command
        injection in the displayServiceStatus.php component, it is possible to execute arbitrary
 ...

Leggi il seguito »

WordPress InfusionSoft Upload

9 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

Leggi il seguito »

Pure-FTPd External Authentication Bash Environment Variable Code Injection

2 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::Ftp
  include Msf::Exploit::CmdStager
 
  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection',
      'Description'     => %q(
        This module exploits the code injection flaw known as shellshock which
        leverages specially crafted environment variables in Bash. This exploit
        specifically targets Pure-FTPd when configured to...

Leggi il seguito »

DHCP Client Bash Environment Variable Code Injection

29 settembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'rex/proto/dhcp'
 
class Metasploit3 < Msf::Auxiliary
 
  include Msf::Exploit::Remote::DHCPServer
 
  def initialize
    super(
      'Name'        => 'DHCP Client Bash Environment Variable Code Injection',
      'Description'    => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting dhclient network configuration
        scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
      },
      'Author'      =>
        [
          'scriptjunkie',...

Leggi il seguito »

Apache mod_cgi Bash Environment Variable Code Injection

29 settembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
 
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apache mod_cgi Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting Apache mod_cgi scripts through
        the HTTP_USER_AGENT variable.
      },
      'Author' => [
        'Stephane...

Leggi il seguito »

bashedCgi Remote Command Execution

29 settembre 2014 - Fonte: http://www.mondounix.com
    require 'msf/core'
 
    class Metasploit3 < Msf::Auxiliary
 
        include Msf::Exploit::Remote::HttpClient
 
 
        def initialize(info = {})
            super(update_info(info,
                'Name'           => 'bashedCgi',
                'Description'    => %q{
                   Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. 
                },
                'Author'         => [ 'Stephane Chazelas' ], # vuln discovery 
     'Author'   => [ 'Shaun Colley <scolley at ioactive.com>' ], # metasploit module 
                'License'        => MSF_LICENSE,
...

Leggi il seguito »