dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update description

This commit is contained in:
sinn3r 2012-05-10 12:02:55 -05:00
parent 86c3ad5e0c
commit c69e34d407
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/multi/http/wikka_spam_exec.rb
View File

@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => "WikkaWiki 1.3.2 Spam Logging PHP Injection",
'Description' => %q{
This module exploits a vulnerability found in WikkaWiki. When the spam logging
feature is enabled, it is possible to inject PHP code into the spam log file, and
then request it to execute our payload. There are at least three different ways
to trigger spam protection, this module does so by generating 10 fake URLs in a
comment (by default, the max_new_comment_urls parameter is 6).
feature is enabled, it is possible to inject PHP code into the spam log file via the
UserAgent header , and then request it to execute our payload. There are at least
three different ways to trigger spam protection, this module does so by generating
10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
Please note that in order to use the injection, you must manually pick a page
first that allows you to add a comment, and then set it as 'PAGE'.