Tom Markle | 17 Dec 00:51

POSSIBLE SECURITY FLAW IN INDEX.PHP (Cross-Scripting)

Hi,
You need to take steps to prevent malicious scripting. Currently, various
forms such as
<form id="editform" name="editform" method="post"
action="http://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&amp;action=submit"
enctype="multipart/form-data">
<input type='hidden' value="" name="wpSection" />
<input type='hidden' value="20000101010101" name="wpStarttime" />
<input type='hidden' value="20051216225758" name="wpEdittime" />
<input type='hidden' value="" name="wpScrolltop" id="wpScrolltop" />
<input type='hidden' value="SPAM" name="wpTextbox1" id="wpTextbox1" />
<input tabindex='2' type='hidden' value="" name='wpSummary' id='wpSummary' />
<input tabindex='5' id='wpSave' type='submit' value="Save page"
name="wpSave" accesskey="s" title="Save your changes [alt-s]" />
</form>

that run locally and use basic JavaScript to change the 'wpEdittime' variable
to a few seconds before the current time could be used to coordinate disruptive
attacks. I know that it is a simple matter to fix entries, but it is a
simpler matter to stick a
if(getenv("HTTP_REFERER")=='207.142.131.202'){}else{//fail handler}
or similar line in the submit function.

Gmane
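The post above describes a cross-site form that posts to action=submit with the hidden fields copied from a real edit page and wpEdittime set by script. The following is an added example, not MediaWiki's own code and not the poster's, written in Python rather than PHP: it models the Referer check as proposed (a URL header compared against an IP string), a corrected host-based Referer check, and a session-bound edit token. The names SERVER_SECRET, make_edit_token, handle_submit, the session identifiers and the sample request headers are all constructed for this example.

```python
"""Added example: Referer check vs. session-bound edit token for action=submit."""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical server-side secret; a real deployment keeps it in configuration.
SERVER_SECRET = secrets.token_bytes(32)
WIKI_HOST = "en.wikipedia.org"


def referer_check_as_posted(headers: dict) -> bool:
    """The check from the post: Referer compared to an IP address literal.
    Browsers send Referer as a URL, so this never matches a real submission."""
    return headers.get("Referer") == "207.142.131.202"


def referer_check_host(headers: dict) -> bool:
    """Corrected form: compare the referring URL's hostname with the wiki host.
    Still weak: Referer is client-supplied and privacy proxies strip it, so
    legitimate users are rejected and non-browser clients can set it freely."""
    ref = headers.get("Referer")
    return bool(ref) and urlparse(ref).hostname == WIKI_HOST


def make_edit_token(session_id: str, title: str) -> str:
    """Per-session, per-title token: HMAC(secret, session || title).
    The attacker's page cannot read it because of the same-origin policy."""
    msg = f"{session_id}\x00{title}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def handle_submit(session_id: str, title: str, fields: dict) -> str:
    """Hardened action=submit handler: the edit token decides, not Referer."""
    expected = make_edit_token(session_id, title)
    supplied = fields.get("wpEditToken", "")
    if not hmac.compare_digest(supplied, expected):
        return "rejected"
    # wpEdittime is only an edit-conflict timestamp. The forged form sets it
    # to whatever it likes, so it is no cross-site defence on its own.
    return "saved"


# Constructed sample requests.
LEGIT_HEADERS = {
    "Referer": f"https://{WIKI_HOST}/w/index.php?title=Wikipedia:Sandbox&action=edit"
}
PROXY_HEADERS = {}  # privacy proxy or browser setting stripped Referer
FORGED_HEADERS = {"Referer": "http://attacker.example/spam.html"}  # hypothetical


def forged_fields() -> dict:
    """Hidden fields from the post, with wpEdittime chosen by the attacker."""
    return {
        "wpSection": "",
        "wpStarttime": "20000101010101",
        "wpEdittime": "20051216225758",
        "wpTextbox1": "SPAM",
        "wpSummary": "",
    }


def legit_fields(session_id: str) -> dict:
    """What the wiki's own edit form carries once the token is rendered into it."""
    fields = forged_fields()
    fields["wpTextbox1"] = "a real edit"
    fields["wpEditToken"] = make_edit_token(session_id, "Wikipedia:Sandbox")
    return fields


if __name__ == "__main__":
    title = "Wikipedia:Sandbox"
    print("posted check, legit browser:", referer_check_as_posted(LEGIT_HEADERS))
    print("host check, proxy user:     ", referer_check_host(PROXY_HEADERS))
    print("token, forged form:         ", handle_submit("sess-A", title, forged_fields()))
    print("token, legit form:          ", handle_submit("sess-A", title, legit_fields("sess-A")))
```

Running the script shows the Referer check as posted failing even for a genuine browser, the host-based version locking out users whose Referer is stripped, and the token check rejecting the forged form regardless of what wpEdittime it carries while accepting the real one.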