[pmwiki-devel] PITS/01030
Petko Yotov
5ko at 5ko.fr
Thu Jun 26 08:19:08 CDT 2008
On Thursday 26 June 2008 14:13:52 Greg Grimes wrote:
> If someone wanted they could make a very legitimate looking
> link that points to our wiki page. Because the URL would have msstate.edu
> in it, a lot of people would feel that there isn't anything wrong with the
> link and click it. If only a handful fall for it, well...that's a handful
> of bot computers they just got.
A malicious person, on his own webpage, can use the "onload" body attribute,
or a <script></script> block to plant an evil javascript even without
requiring the visitors to click on a link to my pmwiki.

I feel it is far too much trouble for an attacker to create a webpage and
place a link sending visitors to an external site, when he could just upload
and use any javascript on his own webpage. :-)

Actually, there is a hypothetical case where this could lead to a vulnerability,
and it is stealing a session cookie name and value from a "tricked" wiki
administrator, to gain admin privileges to the wiki and do some page
deletions or defacements. I am not sure that it is doable with the standard
PHP installation, but I agree that the discussed bug should be fixed.

Possibly, recursively sanitize the whole POST/GET/COOKIE/REQUEST arrays at the
beginning of the processing.

Thanks,
Petko
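The recursive sanitization of the request arrays that the message proposes, as an added example in PHP (this is not PmWiki's own code or Petko's; the function name `sanitize_request_array` and the demo input are assumptions made here):

```php
<?php
// Added example, not PmWiki code: walk the request superglobals recursively
// and HTML-encode every string key and value, so that a parameter planted in
// a crafted link cannot inject markup or script if some code path later
// echoes it back into the page without encoding.
function sanitize_request_array(array $input): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        // Array keys come from the URL as well (?<script>=x), so encode them too.
        $safeKey = is_string($key)
            ? htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : $key;

        if (is_array($value)) {
            // Nested arrays (a[b][c]=...) are handled by recursion.
            $clean[$safeKey] = sanitize_request_array($value);
        } elseif (is_string($value)) {
            $clean[$safeKey] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } else {
            // Non-string scalars (ints, bools, null) carry no markup; pass through.
            $clean[$safeKey] = $value;
        }
    }
    return $clean;
}

// Run once, at the very beginning of processing, before any input is read.
$_GET     = sanitize_request_array($_GET);
$_POST    = sanitize_request_array($_POST);
$_COOKIE  = sanitize_request_array($_COOKIE);
$_REQUEST = sanitize_request_array($_REQUEST);

// Constructed demonstration input, shaped like the parameters a crafted link
// would deliver; both values come back as inert, encoded text.
$demo = [
    'q'              => '<script>alert(document.cookie)</script>',
    'opt'            => ['title' => '" onmouseover="x'],
    '<b>injected</b>' => 'key-injection',
];
var_dump(sanitize_request_array($demo));
```

Encoding on input double-encodes anything that a later code path already escapes on output, so a page that deliberately writes a value into HTML will need to avoid escaping it a second time.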