https://bugzilla.wikimedia.org/show_bug.cgi?id=35731
Web browser: ---
Bug #: 35731
Summary: XSS Attack embedded in web based initial setup
Product: MediaWiki
Version: 1.18.2
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: Unprioritized
Component: Installation
AssignedTo: wikibugs-l@lists.wikimedia.org
ReportedBy: xnetspl...@gmail.com
CC: innocentkil...@gmail.com
Classification: Unclassified
Mobile Platform: ---

Created attachment 10383
--> https://bugzilla.wikimedia.org/attachment.cgi?id=10383
The form as I saw it

Replicated four times on completely fresh servers with source grabbed from mediawiki.org. Using the web based setup to generate the initial LocalSettings.php for the first time causes a phishing popup to appear using amazon CSS, images, and scripts. I've attached a screenshot and if requested can attach the source I have visible.

The page imports an iframe for the form that refers to a page only visible from the client that spawned the popup, in my case:
http://ec2-75-101-235-219.compute-1.amazonaws.com:8000/qwopumeuvqopmgutpcypsvjcyzqklwmp.php

It will only spawn the first time someone attempts to view the GUI, after which it behaves perfectly. I've repeatedly scanned my computer to ensure that it wasn't locally based malware, and the behavior only appears with the circumstances I described.

--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
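The report describes an installer page that pulls a form in through an iframe pointing at a host other than the server being set up. When triaging a report like this, the first thing to establish is exactly which embedded resources on the served page resolve to a foreign origin, before deciding whether the cause is the shipped source, the server, or something between the client and the server. The following script is an added example, not part of the bug report or of MediaWiki's own code: it parses saved page source with the standard library and lists every iframe, script, form action, image, stylesheet or object whose URL resolves to a host other than the one the page was fetched from. The function names (`foreign_embeds`, `EmbedCollector`), the hostnames `wiki.example` and `foreign-host.example`, and the sample page are all constructed for the illustration.

```python
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that can load remote content into a page or send data out of it.
EMBED_ATTRS = {
    "iframe": ("src",),
    "frame": ("src",),
    "script": ("src",),
    "form": ("action",),
    "img": ("src",),
    "link": ("href",),
    "object": ("data",),
    "embed": ("src",),
}


class EmbedCollector(HTMLParser):
    """Collect every (tag, attribute, url) that can reach a remote origin."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = EMBED_ATTRS.get(tag.lower())
        if not wanted:
            return
        for name, value in attrs:
            if name.lower() in wanted and value:
                self.found.append((tag.lower(), name.lower(), value.strip()))


def foreign_embeds(html, expected_host):
    """Return embeds whose host differs from the server the page was fetched from.

    Relative URLs and same-host absolute URLs are what an installer page is
    expected to contain; anything resolving elsewhere is flagged for review.
    Protocol-relative URLs (//host/path) parse with an empty scheme but a
    netloc, so they are covered by the netloc check.
    """
    collector = EmbedCollector()
    collector.feed(html)
    expected = expected_host.lower()
    flagged = []
    for tag, attr, url in collector.found:
        parsed = urlparse(url)
        if parsed.netloc and parsed.hostname and parsed.hostname != expected:
            flagged.append((tag, attr, url))
    return flagged


# Constructed sample: a page served from wiki.example that references its own
# installer assets by relative path and one iframe on an unrelated host.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/mw-config/skins/installer.css">
<script src="/mw-config/installer.js"></script>
</head><body>
<form action="index.php" method="post"><input name="dbname"></form>
<iframe src="http://foreign-host.example:8000/form.php" style="width:100%"></iframe>
</body></html>"""


def main(argv):
    # Usage: script.py <saved-page.html> <host-the-page-was-fetched-from>
    # With no arguments the constructed sample page is checked instead.
    if len(argv) == 3:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            html, host = fh.read(), argv[2]
    else:
        html, host = SAMPLE_PAGE, "wiki.example"
    for tag, attr, url in foreign_embeds(html, host):
        print(f"foreign {tag} {attr}={url}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the page source saved from the browser together with the hostname you typed into the address bar; a clean installer page should produce no output. A hit on an iframe or form action is the relevant finding here, since that is what can present a fake login form; comparing the same saved source against a fresh copy of the installer files from the distribution then tells you whether the reference is in the shipped code or was introduced on the way to the client.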