infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make the description a little more descriptive. 

git-svn-id: file:///home/svn/framework3/trunk@9611 4d416f70-5f16-0410-b530-b9f4589650da
unstable
James Lee 2010-06-24 18:34:37 +00:00
parent 32fa35d53f
commit e47f38365d
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb
View File

@ -20,10 +20,12 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'TikiWiki tiki-graph_formula Remote PHP Code Execution', 'Name' => 'TikiWiki tiki-graph_formula Remote PHP Code Execution',
'Description' => %q{ 'Description' => %q{
TikiWiki (<= 1.9.8) contains a flaw that may allow a remote attacker to execute arbitrary commands. TikiWiki (<= 1.9.8) contains a flaw that may allow a remote
The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input attacker to execute arbitrary PHP code. The issue is due to
supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP 'tiki-graph_formula.php' script not properly sanitizing user
code resulting in a loss of integrity. input supplied to create_function(), which may allow a remote
attacker to execute arbitrary PHP code resulting in a loss of
integrity.
}, },
'Author' => [ 'Matteo Cantoni <goony[at]nothink.org>', 'jduck' ], 'Author' => [ 'Matteo Cantoni <goony[at]nothink.org>', 'jduck' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,