Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 171 - 180 of 3664 in total

Metasploit Web UI Static secret_key_base Value Exploit

Disclosed: September 15, 2016

This module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving co...

Telpho10 Backup Credentials Dumper Exploit

Disclosed: September 02, 2016

This module exploits a vulnerability found in Telpho10 telephone system appliance. This module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This module has been successfully tested on the appliance.

Metasploit Web UI Diagnostic Console Command Execution Exploit

Disclosed: August 23, 2016

This module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic...

NodeJS Debugger Command Injection Exploit

Disclosed: August 15, 2016

This module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration.

Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key) Exploit

Disclosed: August 15, 2016

This module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans...

ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure Exploit

Disclosed: August 11, 2016

This module exploits a directory traversal vulnerability found in ColoradoFTP server version <= 1.3 Build 8. This vulnerability allows an attacker to download and upload arbitrary files from the server GET/PUT command including file system traversal strings starting with '\\'. The server is written in Java and therefore p...

Zabbix toggle_ids SQL Injection Exploit

Disclosed: August 11, 2016

This module will exploit a SQL injection in Zabbix 3.0.3 and likely prior in order to save the current usernames and password hashes from the database to a JSON file.

Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability Exploit

Disclosed: August 09, 2016

It was found that Internet Explorer allows the disclosure of local file names. This issue exists due to the fact that Internet Explorer behaves different for file:// URLs pointing to existing and non-existent files. When used in combination with HTML5 sandbox iframes it is possible to use this behavior to find out...

Trend Micro Smart Protection Server Exec Remote Code Injection Exploit

Disclosed: August 08, 2016

This module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.

Samsung Security Manager 1.4 ActiveMQ Broker Service PUT Method Remote Code Execution Exploit

Disclosed: August 05, 2016

This is an exploit against Samsung Security Manager that bypasses the patch in ZDI-15-156 & ZDI-16-481 by exploiting the vulnerability against the client-side. This exploit has been tested successfully using IE, FireFox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally a traversa...