Last modified: 2006-03-02 02:23:26 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T7133, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 5133 - Possible security problem with signatures
Possible security problem with signatures
Status: CLOSED INVALID
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-28 20:54 UTC by cfaunaaaa
Modified: 2006-03-02 02:23 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description cfaunaaaa 2006-02-28 20:54:46 UTC
There is a possible security problem with signatures. In a worst case scenario,
if a user were to have a signature like the following:
<div class="plainlinks">'''[http://my.bad.page BadUser]'''</div>

...and leave a message on the talk page of a seward, the seward may then click
on the link to respond. Using AJAX, it is possible for the page that is linked
to to use javascript to make the user a bureaucrat and then redirect the seward
to a page, so that the seward does not suspect anything. The user could then
wreck untold havoc on Wikimedia sites until s/he is caught. For this reason, it
may be best to disable the use of the "plainlinks" class.
Comment 1 Rob Church 2006-02-28 21:04:52 UTC
(In reply to comment #0)
> Using AJAX, it is possible for the page that is linked
> to to use javascript to make the user a bureaucrat and then redirect the seward
> to a page, so that the seward does not suspect anything. The user could then
> wreck untold havoc on Wikimedia sites until s/he is caught. For this reason, it
> may be best to disable the use of the "plainlinks" class.

What would the exact mechanics of that be, pray tell? The only way that would
work is if some script was embedded into the user rights page on Meta. In
addition, we check the edit token of users to prevent spoofing user credentials.
Finally, a local bureaucrat could not "wreak untold havoc on Wikimedia sites"
because they're local.
Comment 2 Brion Vibber 2006-03-02 02:23:26 UTC
1) This has nothing to do with signatures; all wikitext may contain such links.
2) The plainlinks class suppresses only the extra link icon; external links still 
retain the external link color.
3) The plainlinks class doesn't suppress the URL title or the status bar, which 
plainly show any external link.
4) As mentioned above, there is protection against offsite form submissions for 
sensitive functions, so there's no vulnerability to exploit.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links