Update description
parent
86c3ad5e0c
commit
c69e34d407
|
@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
|
||||
'Description' => %q{
|
||||
This module exploits a vulnerability found in WikkaWiki. When the spam logging
|
||||
feature is enabled, it is possible to inject PHP code into the spam log file, and
|
||||
then request it to execute our payload. There are at least three different ways
|
||||
to trigger spam protection, this module does so by generating 10 fake URLs in a
|
||||
comment (by default, the max_new_comment_urls parameter is 6).
|
||||
feature is enabled, it is possible to inject PHP code into the spam log file via the
|
||||
UserAgent header , and then request it to execute our payload. There are at least
|
||||
three different ways to trigger spam protection, this module does so by generating
|
||||
10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
|
||||
|
||||
Please note that in order to use the injection, you must manually pick a page
|
||||
first that allows you to add a comment, and then set it as 'PAGE'.
|
||||
|
|
Loading…
Reference in New Issue