This repository has been archived by the owner on Oct 22, 2020. It is now read-only.

v1.9.2

@rastating released this 14 Apr 13:42
· 151 commits to master since this release

Bug Fixes

  • Fix HTTP server not shutting down properly after unexpected errors
  • Fix indentation issue when an error is thrown whilst yielding in an indent block
  • Increase password complexity used by XSS stager to prevent failures in non-default setups

Dependencies

  • Upgrade Ruby to 2.5.1

General Changes

  • Add setg and unsetg commands to the CLI
  • Improve test coverage
  • Add some missing documentation

New Modules

  • Add AccessPress Anonymous Post Pro < 3.2.0 shell upload
  • Add Affiliate Ads for Clickbank Products <= 1.5 reflected XSS shell upload
  • Add Caldera Forms <= 1.5.4 reflected XSS shell upload
  • Add CSV Import-Export <= 1.1 reflected XSS shell upload
  • Add Custom Map <= 1.1 reflected XSS shell upload
  • Add Custom Permalinks <= 1.1 reflected XSS shell upload
  • Add Duplicator <= 1.2.32 reflected XSS shell upload
  • Add Emag Marketplace Connector 1.0 reflected XSS shell upload
  • Add Email Subscribers & Newsletters <= 3.4.7 user list disclosure
  • Add File Manager <= 5.0.0 database credentials disclosure
  • Add flickrRSS <= 5.3.1 reflected XSS shell upload
  • Add GD Rating System <= 2.3 reflected XSS shell upload
  • Add ImageInject <= 1.15 CSRF stored XSS shell upload
  • Add Instagram Feed <= 1.5.1 reflected XSS shell upload
  • Add iThemes Security <= 6.9.0 stored XSS shell upload
  • Add Photo Gallery by WD <= 1.3.66 reflected XSS shell upload
  • Add Pinterest Feed <= 1.1.1 reflected XSS shell upload
  • Add PopCash.Net Code Integration Tool <= 1.0 reflected XSS shell upload
  • Add PropertyHive <= 1.4.14 reflected XSS shell upload
  • Add Site Editor <= 1.1.1 file download
  • Add Smart Google Code Inserter <= 3.4 stored XSS shell upload
  • Add Smart Marketing SMS and Newsletters Forms <= 1.1.1 reflected XSS shell upload
  • Add Social Media Widget <= 3.2.5 CSRF stored XSS shell upload
  • Add srbtranslatin 1.46 CSRF stored XSS shell upload
  • Add Super Socializer <= 7.10.6 authentication bypass
  • Add Super Socializer <= 7.10.6 unauthenticated shell upload
  • Add User Login History <= 1.5 reflected XSS shell upload
  • Add WordPress <= 4.9.2 - Application Denial of Service auxiliary module
  • Add WordPress Concours <= 1.1 reflected XSS shell upload
  • Add WP Background Takeover <= 4.1.4 file download
  • Add WP Retina 2x <= 5.2.0 reflected XSS shell upload
  • Add Yoast SEO < 5.8.0 reflected XSS shell upload
  • Add Z-URL Preview <= 1.6.2 reflected XSS shell upload