[Commons-l] GIFAR vulnerability and commons
Tim Starling
tstarling at wikimedia.org
Tue Aug 12 05:01:27 UTC 2008
Daniel Schwen wrote:
>> Even if Wikimedia is not vulnerable, many other MediaWiki installations
>> will be.
> I'm not convinced yet that WikiMedia is not vulnerable!
> While at first the upload.wikimedia.org subdomain seemed to offer protection,
> my tests at
>
> http://toolserver.org/~dschwen/test.html
>
> indicate that when using the url
> http://commons.wikimedia.org/wiki/Special:FilePath/Gifar.gif to load the
> applet, it has no rights to connect to upload.wikimedia.org
>
> Unfortunately it is late right now, so I don't have time to confirm if the
> server of origin is indeed set to commons.wikimedia.org as it seems at first
> glance, but if it is then I think I found an attack vector.
Does anyone actually use Special:FilePath? This is not the first security
hole opened up by it, and the API could easily serve the same purpose.
Could it be removed?
-- Tim Starling
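The GIFAR file Daniel tested is a single upload that parses as both a GIF and a JAR, so the defensive check an upload filter wants is "does this image also end in a ZIP archive?". The following is an added example in Python, not code from this thread or from MediaWiki; the function names, the ZIP64 omission and the constructed test fixture are my own assumptions.

```python
import struct
import zipfile
from io import BytesIO

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"   # ZIP central-directory file header
EOCD_LEN = 22              # fixed-size part of the EOCD record
MAX_COMMENT = 0xFFFF       # an archive comment of up to 64 KiB may follow the EOCD

# Constructed 1x1 GIF89a, used as the image half of the test fixture below.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00"
            b"\x02\x02D\x01\x00;")

def find_embedded_zip(data: bytes):
    """Return (prefix_length, entry_count) if `data` ends with a ZIP archive, else None.

    A JAR is a ZIP, and ZIP readers (the Java applet loader included) locate the
    archive from its END, ignoring whatever precedes it; that is what lets a file
    that starts as a valid GIF also load as a JAR. Find the EOCD record, walk back
    by the central-directory size it declares and confirm a central-directory header
    really sits there; the gap between that position and the offset the EOCD claims
    is the length of the prepended image. ZIP64 is not handled (assumption).
    """
    tail = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, tail)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            entries, cd_size, cd_offset = struct.unpack_from("<HII", data, pos + 10)
            cd_start = pos - cd_size
            if cd_start >= 0 and data[cd_start:cd_start + 4] == CDIR_SIG:
                return cd_start - cd_offset, entries
        pos = data.rfind(EOCD_SIG, tail, pos)  # false hit (e.g. in pixel data); keep looking
    return None

def classify_upload(data: bytes) -> str:
    """Verdict an upload filter could act on: an image that is also an archive is rejected."""
    looks_like_gif = data[:6] in (b"GIF87a", b"GIF89a")
    hit = find_embedded_zip(data)
    if looks_like_gif and hit:
        return "reject: GIF/ZIP polyglot (%d archive entries after %d image bytes)" % (hit[1], hit[0])
    return "ok"

def build_test_polyglot() -> bytes:
    """Constructed fixture: the tiny GIF followed by a harmless two-entry ZIP."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("placeholder.txt", "not a class file")
    return TINY_GIF + buf.getvalue()
```

Because the archive is located from its end, checking only the magic bytes at the start of an upload proves nothing; the returned prefix length tells you how much image data the archive was hidden behind.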