peter green wrote:
Commons seems to be a target for such an attack. Upload is easy, although I'm not to sure about the damage potential. I suppose if an administrators account would get compromised an applet could be manufactured to mass delete content or mass block users.
If commons is vulnerable all wikimedia wiki's are and there is nothing that local commons users or admins can really do about this. Mediawiki should probablly be modified to check for garbage on the end of image files if it does not already do so.
Sending this on to wikitech-l so the devs can comment on it.
Replied on commons-l and fixed for default MediaWiki installations in r39203.
-- Tim Starling