Add WordPress WPshop eCommerce File Upload.
Add WordPress GI-Media Library Plugin File Read.
Add WordPress InBoundio Marketing File Upload module
Sqlmap plugin json parse issue
Case insensitive plugin unload
https://github.com/rapid7/metasploit-framework/pulls/wchen-r7
https://github.com/rapid7/metasploit-framework/pulls/brandonprry
### Keybase proof
I hereby claim:
* I am jvazquez-r7 on github.
* I am jvazquezr7 (https://keybase.io/jvazquezr7) on keybase.
* I have a public key whose fingerprint is 8D3C 106D BF6A FC75 F00E 15AF 38D9 9152 B935 2D83
To claim this, I am signing this object:
* bad
```
.text:0000000180001FC0 ; int __cdecl find_and_replace_member(unsigned int *Structure, unsigned int CurrentValue, unsigned int NewValue, unsigned int MaxSize)
.text:0000000180001FC0 find_and_replace_member proc near ; CODE XREF: shellcode_ring0+96p
.text:0000000180001FC0 ; DATA XREF: .pdata:0000000180078048o
.text:0000000180001FC0
.text:0000000180001FC0 i_var_18 = dword ptr -18h
.text:0000000180001FC0 Mask_var_14 = dword ptr -14h
.text:0000000180001FC0 Structure_arg_0 = qword ptr 8
```
@jvazquez-r7
jvazquez-r7 / gist:5845b5d00457d550c875
Last active August 29, 2015 14:02
Public Vulnerabilities
* ZDI-15-363: Hewlett-Packard Client Automation Agent Stack Based Buffer Overflow Remote Code Execution Vulnerability. The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send a large buffer of data to the agent which will cause a stack buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM.
* CVE-2014-0782: Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
* CVE-2014-0784: Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
* CVE-2014-0783: Stack-ba
@jvazquez-r7
jvazquez-r7 / gist:7438687
Created November 12, 2013 21:05
java_storeimagearray
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking # Because there isn't click2play bypass, plus now Java Security Level High by default
@jvazquez-r7
jvazquez-r7 / gist:7421555
Last active December 28, 2015 01:38
BrowserExploitServer Aladdin Exploit
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
@jvazquez-r7
jvazquez-r7 / gist:7321429
Created November 5, 2013 16:10
My public key
$ cat mykey.asc
@jvazquez-r7
jvazquez-r7 / gist:6782412
Created October 1, 2013 17:57
ie_setmousecapture_uaf using ropdb
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
@jvazquez-r7
jvazquez-r7 / wordpress_mixin_test.rb
Created September 24, 2013 15:25
Wordpress mixin Tester
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit4 < Msf::Auxiliary