From Nick Jenkins
Revision as of 22:16, 24 September 2009 by Earwig

URL:"><a href="ownage

Alternate URL on a test wiki (replace IP address with appropriate details):"><a href="ownage

Then log in.

Output on a wiki showing errors:

Fatal error: Call to a member function escapeFullURL() on a non-object in /var/www/hosts/mediawiki/phase3/includes/OutputPage.php on line 921

Output on Wikipedia: blank page (errors are being logged).
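
The two outcomes above (a visible PHP fatal error, or a blank page where errors are only logged) can be told apart mechanically when re-testing after a fix. The following is an added example, not part of the original page or of MediaWiki: it classifies raw HTTP responses saved with their headers, and the sample responses and the wiki.example host are constructed.

```python
import re

# Matches the PHP fatal error text quoted above: message, file, line.
FATAL_RE = re.compile(r"Fatal error:\s+(?P<msg>.+?) in (?P<file>\S+) on line (?P<line>\d+)")
STATUS_RE = re.compile(r"HTTP/\d(?:\.\d)? (\d{3})")

def split_response(raw):
    """Return (status, headers, body) of the final response in `raw`.

    Captured output can hold several header blocks, such as an interim
    "100 Continue" ahead of the real reply to a multipart POST.
    """
    text = raw.replace("\r\n", "\n")
    status, headers = None, {}
    while (m := STATUS_RE.match(text)):
        head, _, text = text.partition("\n\n")
        status = int(m.group(1))
        headers = {}
        for line in head.split("\n")[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        if status >= 200:  # final response: the rest is the body
            break
    return status, headers, text

def classify(raw):
    """Label a response 'fatal', 'redirect', 'blank' or 'ok', with a detail."""
    status, headers, body = split_response(raw)
    m = FATAL_RE.search(re.sub(r"<[^>]+>", "", body))  # drop HTML tags first
    if m:
        return "fatal", f"{m['msg']} ({m['file']}:{m['line']})"
    if status is not None and 300 <= status < 400 and "location" in headers:
        return "redirect", headers["location"]  # an empty body is normal here
    if not body.strip():
        return "blank", f"status {status}, empty body"
    return "ok", f"status {status}, {len(body)} bytes"

# Constructed sample responses (not captured from any real wiki).
SAMPLE_FATAL = ("HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\n"
                "Content-Type: text/html\r\n\r\n<br />\n<b>Fatal error</b>:  "
                "Call to a member function escapeFullURL() on a non-object in "
                "<b>/var/www/hosts/mediawiki/phase3/includes/OutputPage.php</b>"
                " on line <b>921</b><br />\n")
SAMPLE_BLANK = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
SAMPLE_REDIRECT = ("HTTP/1.1 302 Found\r\n"
                   "Location: http://wiki.example/index.php/Main_Page\r\n\r\n")

if __name__ == "__main__":
    for name in ("SAMPLE_FATAL", "SAMPLE_BLANK", "SAMPLE_REDIRECT"):
        print(name, classify(globals()[name]))
```

A "blank" result still needs the server's error log to confirm the cause, since the response alone does not say why the body is empty.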

This test as a curl command line:

curl --silent --include --cookie 'wikidb_session=1' -F 'wpName'='SOME_VALID_USERNAME' -F 'wpPassword'='SOME_VALID_PASSWORD' \

This also seems to be reproducible without having to log in:

curl --silent --include \
 --cookie 'enwiki_session=1'\
 -F 'wpCookieCheck'=\
 -F 'returnto'='|'\