bcoles

This module is `ARCH_PHP`: https://github.com/rapid7/metasploit-framework/blob/54cdcc6731468e7577fc6674b357096d5c710841/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb#L43 The module includes the payload within PHP code. https://github.com/rapid7/metasploit-framework/blob/54cdcc6731468e7577fc6674b357096d5c710841/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb#L202 Have you tried setting a compatible PHP payload? ``` msf6 exploit(unix/webapp/tikiwiki_graph_formula_exec) > set payload php/ set...

Looks like this module is broken. The defined `BadChars` are quite restrictive: https://github.com/rapid7/metasploit-framework/blob/b5129fe19874e74d5a103bb9d1372fb30f618b32/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb#L40 Unfortunately using a Base64 encoder (`php/base64`, `php/minify`, `php/hex`) will still use bad characters (`'` or `"`).

> I'm new to contributing here and this is my first PR. Welcome! > Could I get some clarification on what kind of documentation you'd like for this module? Refer...

I know other people have encountered this issue too. @7043mcgeep As a resident Oracle Expert, would you mind also taking a look at this? If you can post the `xml`...

Removing the stale label. This is probably still a bug, but there's no appetite to fix it.

Bug exists here: https://github.com/rapid7/metasploit-framework/blob/17ef194c52ff4e5adb8349d67879e910a063a062/modules/exploits/linux/redis/redis_replication_cmd_exec.rb#L231-L237 The module attempts to *write* to the Metasploit `./data/` directory.

> > > @bcoles I would like to work on this issue All yours. I don't think anyone else is working on it. I suggest performing all changes to the...

@hack3r-0m any luck with this?

``` cd kernel && make ```