From c69e34d407e444187949658debc35874439e117d Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 10 May 2012 12:02:55 -0500 Subject: [PATCH] Update description --- modules/exploits/multi/http/wikka_spam_exec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/exploits/multi/http/wikka_spam_exec.rb b/modules/exploits/multi/http/wikka_spam_exec.rb index fa6f1f6c45..c05172cdd7 100644 --- a/modules/exploits/multi/http/wikka_spam_exec.rb +++ b/modules/exploits/multi/http/wikka_spam_exec.rb @@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote 'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection", 'Description' => %q{ This module exploits a vulnerability found in WikkaWiki. When the spam logging - feature is enabled, it is possible to inject PHP code into the spam log file, and - then request it to execute our payload. There are at least three different ways - to trigger spam protection, this module does so by generating 10 fake URLs in a - comment (by default, the max_new_comment_urls parameter is 6). + feature is enabled, it is possible to inject PHP code into the spam log file via the + UserAgent header , and then request it to execute our payload. There are at least + three different ways to trigger spam protection, this module does so by generating + 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.