On Thursday 26 June 2008 14:13:52 Greg Grimes wrote:
> If someone wanted they could make a very legitimate looking
> link that points to our wiki page. Because the URL would have msstate.edu
> in it, a lot of people would feel that there isn't anything wrong with the
> link and click it. If only a handful fall for it, well...that's a handful
> of bot computers they just got.
A malicious person, on his own webpage, can use the "onload" body attribute, or a <script></script> block, to plant an evil javascript even without requiring the visitors to click on a link to my pmwiki. I feel it is far too much trouble for an attacker to create a webpage and place a link sending visitors to an external site, when he could just upload and use any javascript on his own webpage. :-)

Actually, there is a hypothetical case where this could lead to a vulnerability, and it is stealing a session cookie name and value from a "tricked" wiki administrator, to gain admin privileges to the wiki and do some page deletions or defacements. I am not sure that it is doable with the standard PHP installation, but I agree that the discussed bug should be fixed. Possibly, recursively sanitize the whole POST/GET/COOKIE/REQUEST arrays at the beginning of the processing.

Thanks,
Petko

_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
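The recursive sanitization Petko proposes, written out as an added example; this is not PmWiki's code and the function name `sanitize_recursive` and the demo input are assumptions made here.

```php
<?php
// Added example, not PmWiki's own code: HTML-escape every string in the
// request superglobals before any page-generation code runs, so that a
// value reflected into the page cannot carry a script block.

function sanitize_recursive($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            // Array keys also arrive from the client, so escape them too.
            $clean[sanitize_recursive($key)] = sanitize_recursive($item);
        }
        return $clean;
    }
    // ENT_QUOTES escapes both quote characters, so the value stays inert
    // inside attribute values as well as in element content.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Run once, as early as possible in the request, before any output.
// Caveat: this escapes wiki markup submitted in POST (page edits) as well,
// so stored text would be double-encoded; escaping at the point of output
// is the cleaner fix, and this blanket pass is a stop-gap.
foreach (array('_GET', '_POST', '_COOKIE', '_REQUEST') as $name) {
    if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name])) {
        $GLOBALS[$name] = sanitize_recursive($GLOBALS[$name]);
    }
}

// Constructed demonstration input, not a captured request.
$demo = array(
    'n'      => 'Main.HomePage',
    'q'      => '<script>alert(1)</script>',
    'nested' => array('x' => '"><b>bold</b>'),
);
var_export(sanitize_recursive($demo));
// 'q' becomes &lt;script&gt;alert(1)&lt;/script&gt;, which the browser
// renders as text instead of executing.
```

The cookie-theft case in the message is independently blunted by marking the session cookie HttpOnly (`ini_set('session.cookie_httponly', 1)` before `session_start()`), since script on the page then cannot read it.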