Update description
parent
86c3ad5e0c
commit
c69e34d407
|
@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
|
'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a vulnerability found in WikkaWiki. When the spam logging
|
This module exploits a vulnerability found in WikkaWiki. When the spam logging
|
||||||
feature is enabled, it is possible to inject PHP code into the spam log file, and
|
feature is enabled, it is possible to inject PHP code into the spam log file via the
|
||||||
then request it to execute our payload. There are at least three different ways
|
UserAgent header , and then request it to execute our payload. There are at least
|
||||||
to trigger spam protection, this module does so by generating 10 fake URLs in a
|
three different ways to trigger spam protection, this module does so by generating
|
||||||
comment (by default, the max_new_comment_urls parameter is 6).
|
10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
|
||||||
|
|
||||||
Please note that in order to use the injection, you must manually pick a page
|
Please note that in order to use the injection, you must manually pick a page
|
||||||
first that allows you to add a comment, and then set it as 'PAGE'.
|
first that allows you to add a comment, and then set it as 'PAGE'.
|
||||||
|
|
Loading…
Reference in New Issue