Last modified: 2006-11-28 03:17:16 UTC

Bug 8046 - Recent Changes page escapes a link to an external website.
Status: RESOLVED DUPLICATE of bug 98
Product: MediaWiki
Classification: Unclassified
Component: Special pages (Other open bugs)
Version: unspecified
Hardware/OS: All / All
Importance: Normal priority, major severity, 1 vote
Target Milestone: ---
Assigned To: Nobody - You can work on this!
URL: http://www.marveldatabase.com/index.p...
Keywords:
Depends on:
Blocks:
Reported: 2006-11-27 02:30 UTC by Jamie Hari
Modified: 2006-11-28 03:17 UTC (History)
CC: 0 users
See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Jamie Hari 2006-11-27 02:30:49 UTC
I am not sure how to report this, but somehow someone was able to create an
artificial link to an external website.

The 'article' tab at the top of the article actually links to an external
website, as well.

Is this simply a text escaping bug, or could it be the lead-in to a malicious
exploit?

Some links:

http://www.marveldatabase.com/index.php?title=/Giant-Size_X-Men_1&curid=37033&action=history

http://www.marveldatabase.com/index.php?title=Special:Contributions&target=U53rn4m3

http://www.marveldatabase.com/index.php?title=Special:Recentchanges&from=20061127020848&limit=100000

(Scroll to the end of recent changes in the 3rd link.)
Comment 1 Brion Vibber 2006-11-28 01:48:58 UTC
Your site configuration is a little fragile, with articles placed directly at the root URL. (I recommend against this for many reasons.)

Pages starting with "/" thus end up with local URL paths starting with "//", which some browsers may interpret similarly to "http://".

See the linked patch on bug 98 for how to disable all pages beginning with "/".

Going to go ahead and dupe this to bug 98, since the bogus "/" is the issue.

*** This bug has been marked as a duplicate of 98 ***
Comment 2 Jamie Hari 2006-11-28 03:17:16 UTC
Thanks Brion,

I spotted that extra / after I posted, but I wanted to make sure there was
nothing security related, so I left the bug open for you to review.

Thanks.

:)
