MediaWiki/Parser51

From Nick Jenkins
Jump to: navigation, search

This CURL comand:

curl --silent --include \
 --cookie 'wikidb_session=../../../../etc/passwd ; select user_name from user;'\
 -F 'wpName'='XXX'\
 -F 'wpPassword'='YYY'\
 '192.168.0.64/wiki/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=small'

(Or like this for the Wikipedia, where errors are being logged so there won't be anything in the HTML output):

curl --silent --include \
 --cookie 'enwiki_session=../../../../../../../etc/passwd ; select user_name from user;'\
 -F 'wpName'='XXX'\
 -F 'wpPassword'='YYY'\
 'en.wikipedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=small'

Gives output that includes these PHP warnings at the end (on a current SVN wiki with E_ALL enabled):

<br />
<b>Warning</b>:  Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) in <b>Unknown</b> on line <b>0</b><br />