Even if
Wikimedia is not vulnerable, many other MediaWiki installations
will be.
I'm not convinced yet that WikiMedia is not vulnerable!
While at first the
upload.wikimedia.org subdomain seemed to offer protection,
my tests at
http://toolserver.org/~dschwen/test.html
indicate that when using the url
http://commons.wikimedia.org/wiki/Special:FilePath/Gifar.gif to load the
applet, it has no rights to connect to
upload.wikimedia.org
Unfortunately it is late right now, so I don't have time to confirm if the
server of origin is indeed set to
commons.wikimedia.org as it seems at first
glance, but if it is then I think I found an attack vector.
Does anyone actually use Special:FilePath? This is not the first security
hole opened up by it, and the API could easily serve the same purpose.
Could it be removed?
-- Tim Starling