[Commons-l] GIFAR vulnerability and commons

Gregory Maxwell gmaxwell at gmail.com
Tue Aug 12 04:40:42 UTC 2008


On Mon, Aug 11, 2008 at 11:29 PM, Daniel Schwen <lists at schwen.de> wrote:
>> Even if Wikimedia is not vulnerable, many other MediaWiki installations
>> will be.
> I'm not convinced yet that Wikimedia is not vulnerable!
> While at first the upload.wikimedia.org subdomain seemed to offer protection,
> my tests at
>
> http://toolserver.org/~dschwen/test.html
>
> indicate that when using the url
> http://commons.wikimedia.org/wiki/Special:FilePath/Gifar.gif to load the
> applet, it has no rights to connect to upload.wikimedia.org
>
> Unfortunately it is late right now, so I don't have time to confirm if the
> server of origin is indeed set to commons.wikimedia.org as it seems at first
> glance, but if it is then I think I found an attack vector.

If there is a way around it (via things like the file path redirect)
then it would be very good to figure that out. I hadn't considered
that set of possibilities at all.... if that's the case then it's more
of a concern than just GIFAR... there are several other ways to upload
browser-executable code (even Java)... But it's been the standing
belief that the domain and IP separation provided protection.


