Last modified: 2006-03-02 02:23:26 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 5133 - Possible security problem with signatures
Possible security problem with signatures
Status: CLOSED INVALID
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-28 20:54 UTC by cfaunaaaa
Modified: 2006-03-02 02:23 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description cfaunaaaa 2006-02-28 20:54:46 UTC
There is a possible security problem with signatures. In a worst case scenario,
if a user were to have a signature like the following:
<div class="plainlinks">'''[http://my.bad.page BadUser]'''</div>

...and leave a message on the talk page of a seward, the seward may then click
on the link to respond. Using AJAX, it is possible for the page that is linked
to to use javascript to make the user a bureaucrat and then redirect the seward
to a page, so that the seward does not suspect anything. The user could then
wreck untold havoc on Wikimedia sites until s/he is caught. For this reason, it
may be best to disable the use of the "plainlinks" class.
Comment 1 Rob Church 2006-02-28 21:04:52 UTC
(In reply to comment #0)
> Using AJAX, it is possible for the page that is linked
> to to use javascript to make the user a bureaucrat and then redirect the seward
> to a page, so that the seward does not suspect anything. The user could then
> wreck untold havoc on Wikimedia sites until s/he is caught. For this reason, it
> may be best to disable the use of the "plainlinks" class.

What would the exact mechanics of that be, pray tell? The only way that would
work is if some script was embedded into the user rights page on Meta. In
addition, we check the edit token of users to prevent spoofing user credentials.
Finally, a local bureaucrat could not "wreak untold havoc on Wikimedia sites"
because they're local.
Comment 2 Brion Vibber 2006-03-02 02:23:26 UTC
1) This has nothing to do with signatures; all wikitext may contain such links.
2) The plainlinks class suppresses only the extra link icon; external links still 
retain the external link color.
3) The plainlinks class doesn't suppress the URL title or the status bar, which 
plainly show any external link.
4) As mentioned above, there is protection against offsite form submissions for 
sensitive functions, so there's no vulnerability to exploit.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links