Difference between revisions of "MediaWiki/Parser50"

From Nick Jenkins
Jump to: navigation, search
m (+ variant that does not require successful login)
(Zuakymbse)
Line 1: Line 1:
URL:
+
d1xQIE dkv7Rq29nVvzm74lApqSw
<pre>
+
http://en.wikipedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto="><a href="ownage
+
</pre>
+
 
+
Alternate URL on a test wiki (replace IP address with appropriate details):
+
<pre>
+
http://192.168.0.64/wiki/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto="><a href="ownage
+
</pre>
+
 
+
Then login.
+
 
+
Output on a wiki showing errors:
+
<pre>
+
Fatal error: Call to a member function escapeFullURL() on a non-object in /var/www/hosts/mediawiki/phase3/includes/OutputPage.php on line 921
+
</pre>
+
 
+
Output on the wikipedia:
+
Blank page (errors are being logged).
+
 
+
This test as a curl command line:
+
<pre>
+
curl --silent --include --cookie 'wikidb_session=1' -F 'wpName'='SOME_VALID_USERNAME' -F 'wpPassword'='SOME_VALID_PASSWORD' \
+
'192.168.0.64/wiki/index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=<'
+
</pre>
+
 
+
Also seems to be reproducible without having to login:
+
<pre>
+
curl --silent --include \
+
--cookie 'enwiki_session=1'\
+
-F 'wpCookieCheck'=\
+
-F 'returnto'='|'\
+
'en.wikipedia.org/w/index.php/Special:Userlogin'
+
</pre>
+

Revision as of 13:49, 10 May 2009

d1xQIE dkv7Rq29nVvzm74lApqSw

Retrieved from "http://nickj.org/index.php?title=MediaWiki/Parser50&oldid=3430"