Last modified: 2008-10-31 12:04:37 UTC

Bug 16202 - Unidentified Security Exploit

Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
Component: General/Unknown
Version: unspecified
Hardware: All
OS: All
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Depends on: (none)
Blocks: (none)
Reported: 2008-10-31 12:01 UTC by mike
Modified: 2008-10-31 12:04 UTC
CC: 1 user
See Also: (none)
Web browser: ---
Mobile Platform: ---

Attachments: (none)

Description mike 2008-10-31 12:01:59 UTC
I don't know the specific details of this exploit, but I figured it should be brought to your attention anyway.

For the last 3 months, someone has been defacing various wikis, calling himself the "Zodiac Killer". The exploit temporarily defaces the wiki layout/css, and returns to normal when the user changes their IP.
I'm thinking this could be used to implement more malicious attacks in the future.

----------------------------------------------------------------------
Here are some images and witness accounts of its execution:
----------------------------------------------------------------------

    http://img402.imageshack.us/img402/5889/wtfxz7.jpg <-- saw this a few hours ago
    http://img232.imageshack.us/img232/479/1225444299361ug4.png
    http://www.flickr.com/photos/nolageek2/2688153788
    http://answers.yahoo.com/question/index?qid=20080815163025AApQ56T
    http://answers.yahoo.com/question/index?qid=20080719210625AAF3Zy5
    http://www.websitetoolbox.com/tool/post/denniskaufman/vpost?id=2953615 <-- person of interest?

----------------------------------------------------------------------
Here are two of the decrypted strings he used in his messages:
----------------------------------------------------------------------

    "This is the Zodiac speaking. Since you are doing nothing about me, I want you to put little Zodiac boxes everywhere to show that you recognize my reign. It's your choice, if you don't maybe I will just work extra hard and spread my message accross other wikis and websites, hopping from one to another."

    "VANDALIZING WIKIPEDIA IS SO FUN IT IS FUNNER THAN KILLING PEOPLE OR HAVING SEX BECAUSE WHEN YOU KILL PEOPLE YOU ONLY DESTROY THEIR BODY S BUT WHEN YOU VANDALIZE THIS WEBSITE YOU KILL THE SOUL OF THE POOR QUEER PIG SLAVES THAT DEVOTE THEIR LIVES TO THE EMBARKMENT THAT I AM NOW DESTROYING WITH MY OWN BARE HANDS"

----------------------------------------------------------------------

This isn't just about vandalizing Wikipedia, though; it's a hole in the MediaWiki software which should probably be looked into.

Again, sorry for the limited info... I just thought you should know.

-Mk
Comment 1 Andrew Garrett 2008-10-31 12:04:37 UTC
Template vandalism.
