Last modified: 2013-02-05 16:58:39 UTC
Created attachment 11720
xss

XSS in URL. Tested on Mozilla Firefox browser.

http://bots.wmflabs.org/~wm-bot/searchlog/index.php?action=search&channel=%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%23%23thinewiki
Confirmed. HTML is being written directly into the text context.

(simplified exploit url) http://bots.wmflabs.org/~wm-bot/searchlog/index.php?action=search&channel=<SCRIPT>alert(1)</SCRIP>

The exploitability is limited since this is on the wmflabs.org domain, so an attacker cannot use it to attack other WMF sites directly, but we'll get it fixed up soon.

Ryan, do you know who manages the web interface on the bots project?
wm-bot is run by Petr, who is assigned on the bug.
Source code of this is located at: git@github.com:benapetr/wikimedia-botslogs.git

Anyway, I will fix that.
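
The flaw confirmed in this thread (a request parameter written into the HTML text context without encoding), shown beside an encoded version. This is an added example, not part of the bug thread and not code from wikimedia-botslogs; the function names, the heading markup and the channel-name pattern are assumptions.

```php
<?php
declare(strict_types=1);

// Illustrative only: function names and the channel pattern are assumptions,
// not taken from the wikimedia-botslogs source.

// Vulnerable pattern: the request value goes into HTML text unencoded,
// so markup in ?channel= is parsed by the browser.
function render_heading_unsafe(string $channel): string
{
    return '<h1>Search in ' . $channel . '</h1>';
}

// Fix: encode at the point of output for the HTML context. ENT_QUOTES also
// covers quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_heading_safe(string $channel): string
{
    $encoded = htmlspecialchars($channel, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h1>Search in ' . $encoded . '</h1>';
}

// Defence in depth: accept only values shaped like an IRC channel name
// (assumed shape: one or two '#', then up to 49 name characters).
function parse_channel(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    return preg_match('/\A#{1,2}[A-Za-z0-9._-]{1,49}\z/', $raw) === 1 ? $raw : null;
}

// Inputs: a constructed channel name and the simplified string from the report.
$inputs = ['#example-channel', '<SCRIPT>alert(1)</SCRIP>'];

foreach ($inputs as $raw) {
    echo 'unsafe:   ', render_heading_unsafe($raw), PHP_EOL;
    echo 'safe:     ', render_heading_safe($raw), PHP_EOL;
    echo 'accepted: ', var_export(parse_channel($raw) !== null, true), PHP_EOL, PHP_EOL;
}
```

Output encoding is the fix; the allowlist only narrows what reaches the page and does not replace it.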