MediaWiki/Parser51
From Nick Jenkins
This curl command:
curl --silent --include \
    --cookie 'wikidb_session=../../../../etc/passwd ; select user_name from user;' \
    -F 'wpName'='XXX' \
    -F 'wpPassword'='YYY' \
    '192.168.0.64/wiki/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=small'
(Or like this for Wikipedia, where errors are being logged, so there won't be anything in the HTML output):
curl --silent --include \
    --cookie 'enwiki_session=../../../../../../../etc/passwd ; select user_name from user;' \
    -F 'wpName'='XXX' \
    -F 'wpPassword'='YYY' \
    'en.wikipedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=small'
Gives output that includes these PHP warnings at the end (on a current SVN wiki with E_ALL enabled):
<br />
<b>Warning</b>: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) in <b>Unknown</b> on line <b>0</b><br />
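One way to reject such a cookie before PHP's session handler sees it, as an added example that is not MediaWiki's own code. The function names isValidSessionId() and safeSessionStart() and the 128-character length limit are assumptions; the allowed characters are the ones listed in the warning above.

```php
<?php
// Added example, not MediaWiki code. Function names and the 128-character
// length limit are assumptions made for illustration.

// Character set taken from the PHP warning: a-z, A-Z, 0-9, '-' and ','.
function isValidSessionId($id)
{
    // Array-valued cookies (name[]=...) are not strings and are rejected too.
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $id) === 1;
}

// Start the session, replacing a malformed client-supplied ID with a fresh
// one so the files save handler never receives the cookie value.
function safeSessionStart()
{
    $name = session_name();
    if (isset($_COOKIE[$name]) && !isValidSessionId($_COOKIE[$name])) {
        // Log the cookie name only; the value is attacker-controlled text.
        error_log('Rejected malformed session cookie: ' . $name);
        unset($_COOKIE[$name]);
        session_id(bin2hex(random_bytes(16)));
    }
    return session_start();
}

// Constructed sample values: the cookie value from the curl command above
// and a well-formed ID.
if (PHP_SAPI === 'cli') {
    $samples = array(
        '../../../../etc/passwd ; select user_name from user;',
        '0123456789abcdef0123456789abcdef',
    );
    foreach ($samples as $s) {
        echo (isValidSessionId($s) ? 'accept' : 'reject'), "\t", $s, "\n";
    }
}
```

Calling safeSessionStart() in place of a bare session_start() means a malformed cookie yields a new session instead of the two warnings.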