Hi,
I have found a possible information disclosure bug in the site (mediawiki-1.32.3).
Bug: [Information disclosure leads to disclosure of the database query and database name]
Steps to reproduce:
1. Open the MediaWiki site at https://wiki.mahara.org
2. Go to the search bar, enter a single quote (') in the search box, and search.
3. You will get a database query error that discloses information about the DB.
4. I won't go further to get the database tables; I stopped there...
Vulnerable URL with payload: https://wiki.mahara.org/index.php?search='
DB Error Information:
[XX8dCLpOheXeQVoKqPS3LgAAAAU] /index.php?search=%27+--%2B Wikimedia\Rdbms\DBQueryError from line 1506 of /usr/share/mediawiki-1.32.3/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading?
Query: SELECT to_tsquery(''' & ! -+')
Function: Wikimedia\Rdbms\Database::query
Error: 42601 ERROR: syntax error in tsquery: "' & ! -+"
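
An added example, not part of the original report and not MediaWiki's own code: one way an application can keep input such as the single quote above from reaching to_tsquery as raw syntax, and keep the query text out of the error shown to the user. The run_query helper, the pages table and the tsv column are assumptions made for illustration.

```python
import logging
import re
import uuid
from typing import Callable, Optional

log = logging.getLogger("search")

# Keep only letter/digit runs; tsquery operators (& | ! ( ) : * ' <->) are dropped.
_TERM = re.compile(r"[^\W_]+")


def to_safe_tsquery(user_input: str, max_terms: int = 16) -> Optional[str]:
    """Build a tsquery string from word tokens only; None if nothing is searchable."""
    terms = _TERM.findall(user_input)[:max_terms]
    return " & ".join(t.lower() for t in terms) if terms else None


def search(user_input: str, run_query: Callable[[str, tuple], list]) -> dict:
    """run_query is a hypothetical DB helper taking (sql, params) and returning rows."""
    tsq = to_safe_tsquery(user_input)
    if tsq is None:
        # Input like "'" or "' --+" has no terms: answer without touching the DB.
        return {"status": 200, "rows": [], "message": "No searchable terms."}
    try:
        # Hypothetical table/column names; the value is bound, never concatenated.
        rows = run_query("SELECT title FROM pages WHERE tsv @@ to_tsquery(%s)", (tsq,))
        return {"status": 200, "rows": rows, "message": ""}
    except Exception:
        # Full detail (query, driver error, stack) goes to the server log only;
        # the user sees a reference that operators can correlate with that log.
        ref = uuid.uuid4().hex
        log.exception("search query failed ref=%s", ref)
        return {"status": 500, "rows": [], "message": f"Search failed (ref {ref})."}
```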