Showing 51 - 75 of 10,138

Web Files

HTTP Git Scanner
Posted Sep 1, 2024
Authored by Jon Hart, Nixawk | Site metasploit.com

This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.

tags | exploit, web, vulnerability, info disclosure
SHA-256 | f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c
Nginx Source Code Disclosure/Download
Posted Sep 1, 2024
Authored by Tiago Ferreira | Site metasploit.com

This Metasploit module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 correct this vulnerability.

tags | exploit, web
advisories | CVE-2010-2263
SHA-256 | dbde0118738f8ec88172bdd2d8c742551346fd8f2a6024c26e8db71ac19bbecb
Sentry Switched CDU Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for ServerTech's Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | ea9a49f43b18efdec70397195d549a5898b68c47aa21c2551cd1058b7efb808c
Cisco IOS HTTP Unauthorized Administrative Access
Posted Sep 1, 2024
Authored by H D Moore, aushack | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS versions 11.3 through 12.2 are reportedly vulnerable. This Metasploit module has been tested successfully against a Cisco 1600 Router running IOS v11.3(11d).

tags | exploit, web
systems | cisco, ios
advisories | CVE-2001-0537
SHA-256 | f47c8e7887760a5e15e7ecfe81baff6ced2ddb34267bcb19aff00e68bad4084e
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.

tags | exploit, web, cgi
SHA-256 | 2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
Barracuda Multiple Product Locale Directory Traversal
Posted Sep 1, 2024
Authored by Tiago Ferreira | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability present in several Barracuda products, including the Barracuda Spam and Virus Firewall, Barracuda SSL VPN, and the Barracuda Web Application Firewall. By default, this module will attempt to download the Barracuda configuration file.

tags | exploit, web, virus
SHA-256 | 6442c5754109debd479b03a4170762b45607423d76b1903b7a24b3253875c7b2
WordPress Simple Backup File Read
Posted Sep 1, 2024
Authored by Roberto S. Soares, Mahdi.Hidden | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the WordPress plugin "Simple Backup" version 2.7.10, allowing arbitrary files to be read with the web server's privileges.

tags | exploit, web, arbitrary
SHA-256 | 61f6a4e4921a58a63cca20abf255135172544871c3ca345e5acc8abd9d439b6e
Emby SSRF HTTP Scanner
Posted Sep 1, 2024
Authored by Btnz | Site metasploit.com

This Metasploit module generates a GET request to the provided web servers and executes an SSRF against the targeted Emby server. It returns the server header, HTML title attribute and location header (if set). This is useful for rapidly identifying web applications on the internal network using the Emby SSRF vulnerability.

tags | exploit, web
advisories | CVE-2020-26948
SHA-256 | fcd1acfc1aea918108a97ea953c37ce3f9c7c4fea3d526e2df6c4414ad277111
Accellion FTA Statecode Cookie Arbitrary File Read
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided statecode cookie parameter is appended to a file path that is processed as an HTML template. By prepending this cookie with a directory traversal sequence and appending a NULL byte, any file readable by the web user can be exposed. The web user has read access to a number of sensitive files, including the system configuration and files uploaded to the appliance by users. This issue was confirmed on version FTA_9_11_200, but may apply to previous versions as well. This issue was fixed in software update FTA_9_11_210.

tags | exploit, web
advisories | CVE-2015-2856
SHA-256 | 54b5d23c43a234a88b3e5e9d8345ae34b6dec9bf36741d5a1bc88d1cdf6813e5
SurgeNews User Credentials
Posted Sep 1, 2024
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory, including the user database, configuration files and log files. This Metasploit module extracts the administrator username and password, and the usernames and passwords or password hashes for all users. This Metasploit module has been tested successfully on SurgeNews version 2.0a-13 on Windows 7 SP 1 and 2.0a-12 on Ubuntu Linux.

tags | exploit, web, arbitrary, root, tcp
systems | linux, windows, ubuntu, 7
SHA-256 | 73764b44f63d2549636f9a072cfc6159cd3fc1782b3972e02ed0b63dd113c7dc
OpenMind Message-OS Portal Login Brute Force Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for the OpenMind Message-OS provisioning web login portal and performs a login brute force attack to identify valid credentials.

tags | exploit, web
SHA-256 | 28480da105e7aa249ae3a2817a7fb69f5cd9b5986973631805327c9c32624fc3
Cisco Ironport Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials.

tags | exploit, web
systems | cisco
SHA-256 | 19d08d4f5b105944f70b819c179403363836a5d079c1223718e0f4bb91836bf6
WordPress DukaPress Plugin File Read
Posted Sep 1, 2024
Authored by Roberto S. Soares, Kacper Szurek | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the WordPress plugin "DukaPress" versions less than or equal to 2.5.3, allowing arbitrary files to be read with the web server's privileges.

tags | exploit, web, arbitrary
advisories | CVE-2014-8799
SHA-256 | a534bb38da2e6e4279d9c429b273f4dc2bd07839bb464b1f89072d15672e1f5b
Apache Tomcat User Enumeration
Posted Sep 1, 2024
Authored by Leandro Oliveira, Heyder Andrade | Site metasploit.com

This Metasploit module enumerates Apache Tomcat usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The admin package is no longer provided for Tomcat 6 and later versions.

tags | exploit, web
advisories | CVE-2009-0580
SHA-256 | ddc9c4c9f598773b8e0921e7125f71bd3f5c7f1793c0f1c17a1adfd1577b0e43
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Posted Sep 1, 2024
Authored by Nate Power | Site metasploit.com

This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers.

tags | exploit, web
SHA-256 | cf57e41e4e7598060afb12233b6e95687df308ec41eb8647506b622e6052eaf4
HTTP Virtual Host Brute Force Scanner
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module tries to identify unique virtual hosts hosted by the target web server.

tags | exploit, web
SHA-256 | 08261c4bf0143e0854d3c619351a9f5b6242b7465c1d0622634759ab8be05d9f
Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility
Posted Sep 1, 2024
Authored by Jonathan Claudius, jbaines-r7 | Site metasploit.com

This Metasploit module scans for Cisco ASA Clientless SSL VPN (WebVPN) web login portals and performs login brute-force to identify valid credentials.

tags | exploit, web
systems | cisco
SHA-256 | 983f31bd8edeeb35f86c4eda6d8e40112b381f09fec355e208711ecccd89c799
Novell Groupwise Agents HTTP Directory Traversal
Posted Sep 1, 2024
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Novell Groupwise. The vulnerability exists in the web interface of both the Post Office and the MTA agents. This Metasploit module has been tested successfully on Novell Groupwise 8.02 HP2 over Windows 2003 SP2.

tags | exploit, web
systems | windows
advisories | CVE-2012-0419
SHA-256 | cf3c10c3309d3a179dabde680510ab0063386316124c0e6cf1c7d34f3864c865
RIPS Scanner Directory Traversal
Posted Sep 1, 2024
Authored by Roberto S. Soares, localh0t | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowing arbitrary files to be read with the web server's privileges.

tags | exploit, web, arbitrary
SHA-256 | 64c5fa4a4c496821d7e786dd634977b36db94e56b76ac0110a7c936a85a84f1f
Radware AppDirector Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Radware AppDirector's web login portal and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | 06be4d3b7aacdc65c359d439b5b7fed02d8b06ee7fa5627c57d94a1ea6709f9f
Cisco ASA Directory Traversal
Posted Sep 1, 2024
Authored by Shelby Pace, Yassine Aboukir, Michał Bentkowski | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Cisco's VPN web service, which includes directories, files, and currently logged in users.

tags | exploit, web
advisories | CVE-2018-0296
SHA-256 | e8b395cf6df8cf62cd4fe6d2f7723d35e8e26a64675e9f380f11ed7370dec63d
HTTP Open Proxy Detection
Posted Sep 1, 2024
Authored by Matteo Cantoni | Site metasploit.com

Checks if an HTTP proxy is open. False positives are avoided by verifying the HTTP return code and matching a pattern. For the CONNECT method, only the return code is verified. HTTP headers relating to the use of a proxy or load balancer are shown.

tags | exploit, web
SHA-256 | 8a0266333291f7df747501b70f5b9f99d56d9c23eda6f14be90cd699b795cbbd
Novell ZENworks Asset Management 7.5 Configuration Access
Posted Sep 1, 2024
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve the configuration parameters of Novell Zenworks Asset Management, including the database credentials in clear text. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.

tags | exploit, remote, web
advisories | CVE-2012-4933
SHA-256 | 1d9e7ba3c5437ccfb3683cfc6321e1b7024fe5a849eab97a085b5868e1d6209e
HTTP Verb Authentication Bypass Scanner
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module tests for authentication bypass using different HTTP verbs.

tags | exploit, web
SHA-256 | a50ad83fc15a997219900fc6f730f8e9b12750ef159913a0418fb239a854e45c
SAP Web GUI Login Brute Forcer
Posted Sep 1, 2024
Authored by nmonkee | Site metasploit.com

This Metasploit module attempts to brute force SAP usernames and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested by setting the DEFAULT_CRED variable to true. The MSF_DATA_DIRECTORY/wordlists/sap_default.txt path stores these default combinations.

tags | exploit, web
SHA-256 | 5b059712a374ae4fd1c41ed977a19e72fe22c49b2377deff8c9e4b5e2d17dfcf
© 2024 Packet Storm. All rights reserved.