Philip Hunt wrote:
When it says "very dangerous", what does this mean? Does it for
example enable an exploit that would let someone hack into the
MediaWiki site? Or does it merely allow Javascript that would allow a
malicious person to harm a user's computer if they view the page?
The major concern is compromise of the MediaWiki account of the user who
views the page. The session ID or login token could be stolen, allowing an
attacker to act as that user. The attacker could potentially gain sysop
access and make a nuisance of themselves on the wiki.
There is no increased risk of server compromise unless you have installed
a MediaWiki extension which allows escalation from web access to server
access (e.g. a "PHP shell" extension).
Raw HTML increases the risk of password compromise via a phishing-style
attack.
Attacks against the viewer's browser are possible; a lockup or crash would
be easy for an attacker to produce. If the user has an old browser with
known vulnerabilities, a compromise of the user's computer may be possible
via scripted heap preparation or similar attacks.
That's useful information. Do I have your permission to add it to the article?
--
Philip Hunt, <cabalamat(a)googlemail.com>
Please avoid sending me Word or PowerPoint attachments.
See