From 1cc00b294422787dea14c214011f0bf7114255e4 Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Wed, 17 May 2017 23:23:00 -0500 Subject: [PATCH] Add vulnerable setup info in mediawiki_syntaxhighlight.md --- .../multi/http/mediawiki_syntaxhighlight.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md b/documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md index 1c7b85e0e2..0bcc85970c 100644 --- a/documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md +++ b/documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md @@ -2,6 +2,19 @@ Any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki 1.27.x & 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3. +## Vulnerable Setup + +To set up the vulnerable environment, please do: + + 1. Download [MediaWiki (such as 1.28.0)](https://releases.wikimedia.org/mediawiki/1.28/mediawiki-1.28.0.tar.gz) + 2. Install MediaWiki on a LAMP setup (ideally) + 3. Install composer ```curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer``` + 4. Do: ```cd /var/www/html/mediawiki/extensions/SyntaxHighlight_GeSHi``` + 5. Do: ```composer update``` + 6. Open your LocalSettings.php with a text editor, and add this line at the end of the file: ```wfLoadExtension( 'SyntaxHighlight_GeSHi' );``` + + At this point, you are ready to test this setup. + ## Verification Steps 1. `use exploit/multi/http/mediawiki_syntaxhighlight` 
@@ -35,6 +48,17 @@ In case the wiki is configured as private, a read-only (or better) account is needed to exploit this issue. Provide the password of that account here. ## Sample Output + +### The Check command + +The module comes with a check command that allows you to check whether the target might be +vulnerable or not, for example: + +``` +msf exploit(mediawiki_syntaxhighlight) > check +[*] 192.168.146.203:80 The target appears to be vulnerable. +``` + ### MediaWiki 1.27.1-2 on Ubuntu 16.10 ```
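Review bot: step 3 of the new "Vulnerable Setup" list (first hunk) pipes the Composer installer from the network straight into `sudo php`, so whoever follows the doc runs an unverified download as root. Suggest splitting it into download, verification of the installer hash that getcomposer.org publishes, and then the install. Two smaller points in the same list: step 4 hardcodes `/var/www/html/mediawiki` although step 2 never says where MediaWiki should be installed, so either state the path in step 2 or mark it as an example. The inline commands are wrapped in triple backticks, while the "Verification Steps" context line below uses single backticks, and step 3 lacks the colon that steps 4 and 5 have after "Do".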
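Review bot: the new "The Check command" section (second hunk) does not say what the check is based on, so a reader cannot judge how much weight "The target appears to be vulnerable" carries. The prose itself only says the target "might be vulnerable". Suggest adding one sentence on what the module inspects, and a second sample showing the result against a fixed release (1.28.2 or 1.27.3, per the description at the top of the file), so both outcomes are documented. Minor: the two added prose lines are hard-wrapped mid-sentence, unlike the paragraph in the context line above them.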