Rapid7 VulnDB

MediaWiki SyntaxHighlight extension option injection vulnerability

Back to Search

MediaWiki SyntaxHighlight extension option injection vulnerability

Disclosed
04/06/2017
Created
05/30/2018

Description

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki version 1.27.x & 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

Author(s)

  • Yorick Koster

Platform

PHP

Architectures

php

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/mediawiki_syntaxhighlight
msf exploit(mediawiki_syntaxhighlight) > show targets
    ...targets...
msf exploit(mediawiki_syntaxhighlight) > set TARGET < target-id >
msf exploit(mediawiki_syntaxhighlight) > show options
    ...show and set options...
msf exploit(mediawiki_syntaxhighlight) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;