My target requires the Authorization header with credentials to get into. I have the credentials but the module I’m using (multi/http/mediawiki_thumb) doesn’t seem to have an option for Authorization.
I’ve tried setting RHOSTS to user:pass@example.com but that gives the error (-) Exploit failed: One or more options failed to validate: RHOSTS..
I’ve also tried setting HttpUsername and HttpPassword to the respetive credentials, with RHOST as example.com and TARGETURI as / (I believe that’s the root since it’s the root of the files in mediawiki, confirmed by running gobuster on files in the repository) but that gives me the error (-) Exploit aborted due to failure: unexpected-reply: Couldn't find login token. Is URI set correctly?.
What am I doing wrong here? Is it the URI or the Authorization?
