Last modified: 2008-10-31 12:04:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in, and links other than those displaying bug reports and their history might be broken. See T18202, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 16202 - Unidentified Security Exploit
Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
Component: General/Unknown
Version: unspecified
Hardware/OS: All / All
Priority/Severity: Normal / normal
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Depends on:
Blocks:

Reported: 2008-10-31 12:01 UTC by mike
Modified: 2008-10-31 12:04 UTC
CC: 1 user

See Also:
Web browser: ---
Mobile Platform: ---
Huggle Beta Tester: ---

Attachments: none

Description mike 2008-10-31 12:01:59 UTC
I don't know the specific details of this exploit, but I figured it should be brought to your attention anyway.

For the last 3 months, someone has been defacing various wikis, calling himself the "Zodiac Killer". The exploit temporarily defaces the wiki layout/css, and returns to normal when the user changes their IP.
I'm thinking this could be used to implement more malicious attacks in the future.

----------------------------------------------------------------------
Here are some images and witness accounts of its execution:
----------------------------------------------------------------------

    http://img402.imageshack.us/img402/5889/wtfxz7.jpg <-- saw this a few hours ago
    http://img232.imageshack.us/img232/479/1225444299361ug4.png
    http://www.flickr.com/photos/nolageek2/2688153788
    http://answers.yahoo.com/question/index?qid=20080815163025AApQ56T
    http://answers.yahoo.com/question/index?qid=20080719210625AAF3Zy5
    http://www.websitetoolbox.com/tool/post/denniskaufman/vpost?id=2953615 <-- person of interest?

----------------------------------------------------------------------
Here are two of the decrypted strings he used in his messages:
----------------------------------------------------------------------

    "This is the Zodiac speaking. Since you are doing nothing about me, I want you to put little Zodiac boxes everywhere to show that you recognize my reign. It's your choice, if you don't maybe I will just work extra hard and spread my message across other wikis and websites, hopping from one to another."

    "VANDALIZING WIKIPEDIA IS SO FUN IT IS FUNNER THAN KILLING PEOPLE OR HAVING SEX BECAUSE WHEN YOU KILL PEOPLE YOU ONLY DESTROY THEIR BODY S BUT WHEN YOU VANDALIZE THIS WEBSITE YOU KILL THE SOUL OF THE POOR QUEER PIG SLAVES THAT DEVOTE THEIR LIVES TO THE EMBARKMENT THAT I AM NOW DESTROYING WITH MY OWN BARE HANDS"

----------------------------------------------------------------------

This isn't just about vandalizing Wikipedia though, it's a hole in the MediaWiki software which should probably be looked into.

Again, sorry for the limited info... I just thought you should know.

-Mk
Comment 1 Andrew Garrett 2008-10-31 12:04:37 UTC
Template vandalism.
