mgenay:technique:extractprog.php
extractprog.php
<?php
unset( $DP );
unset( $IP );
$wgCommandLineMode = false;
define( 'MEDIAWIKI', true );
if ( isset( $_REQUEST['GLOBALS'] ) ) {
echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
die( -1 );
}
require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
require_once( './includes/Article.php' );
require_once( './includes/Title.php' );
require_once( './includes/RawPage.php' );
require_once( 'includes/Setup.php' );
$title = $wgRequest->getVal( 'title' );
$otitle = Title::newFromText($title);
$article = new Article( $otitle );
$rp = new RawPage( $article, $wgRequest );
$text = $rp->getRawText();
$mkdirPattern = '/\{md\|(.*)\}(.*)$/siU';
$downloadPattern = '/\{dl\|(.*)\|(.*)\|(.*)\}(.*)$/siU';
$textleft=$text;
do {
$result = preg_match( $mkdirPattern , $textleft, $part );
if ( $result >0 )
{
$textleft=$part[2];
print "mkdir ".$part[1]."\n";
}
}while ( $result>0 );
$textleft=$text;
do {
$result = preg_match( $downloadPattern, $textleft, $part );
if ( $result >0 )
{
$textleft=$part[4];
if ($part[1]=="") $part[1]='.';
print "wget \"".$wgServer.$wgScriptPath."/extractcode.php?title=".$part[2]."§ion=".$part[3]."\" -O ".$part[1]."/".$part[3]."\n";
} else {
}
}while ( $result>0 );
header( "content-type: text/plain");
?>
mgenay/technique/extractprog.php.txt · Last modified: by 127.0.0.1