DakotaNelson / sneaky-creeper

Get your APT on using social media as a tool for data exfiltration.
https://strikersecurity.com/projects/sneaky-creeper-covert-data-exfiltration/
MIT License
143 stars 28 forks source link

Wikipedia Channel #91

Open DakotaNelson opened 8 years ago

DakotaNelson commented 8 years ago

MediaWiki, which Wikipedia is based on, can upload files by fetching them from a remote URL on command and also send emails!

From https://en.wikipedia.org/w/api.php?action=help&modules=upload:

Upload a file, or get the status of pending uploads.

Several methods are available:

Upload file contents directly, using the file parameter. Upload the file in pieces, using the filesize, chunk, and offset parameters. Have the MediaWiki server fetch a file from a URL, using the url parameter. Complete an earlier upload that failed due to warnings, using the filekey parameter.

From https://en.wikipedia.org/w/api.php?action=help&modules=emailuser:

Parameters: target User to send email to.

subject Subject header.

text Mail body.

ccme Send a copy of this mail to me.

How cool is that?!