infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update description

unstable
sinn3r 2012-05-10 12:02:55 -05:00
parent 86c3ad5e0c
commit c69e34d407
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/multi/http/wikka_spam_exec.rb
View File

@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection", 'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
'Description' => %q{ 'Description' => %q{
This module exploits a vulnerability found in WikkaWiki. When the spam logging This module exploits a vulnerability found in WikkaWiki. When the spam logging
feature is enabled, it is possible to inject PHP code into the spam log file, and feature is enabled, it is possible to inject PHP code into the spam log file via the
then request it to execute our payload. There are at least three different ways UserAgent header , and then request it to execute our payload. There are at least
to trigger spam protection, this module does so by generating 10 fake URLs in a three different ways to trigger spam protection, this module does so by generating
comment (by default, the max_new_comment_urls parameter is 6). 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
Please note that in order to use the injection, you must manually pick a page Please note that in order to use the injection, you must manually pick a page
first that allows you to add a comment, and then set it as 'PAGE'. first that allows you to add a comment, and then set it as 'PAGE'.