This shows that it's good that you disclosed it because who knows, maybe
your ACL cache can be circumvented in some other way, not only by using
template ;)

        Sergey


On Wed, Jul 8, 2009 at 3:55 AM, Thomas Schweitzer
<[email protected]> wrote:

> Lane, Ryan wrote:
> >> And by the way: Congratulations to David MacDonald. He found the first
> >> bug and was able to read "ProtectedArticle". It is already fixed and I
> >> won't tell how he did it :-)
> >>
> >
> > Wouldn't it be better for everyone to know how he did it so that we can
> > check similar methods?
> >
> > Hiding bugs doesn't really help security.
> >
> > V/r,
> >
> > Ryan Lane
> >
> Hi Ryan,
>
> in general, you are right. But this was a weird bug that, as it is fixed
> now, does not help finding other bugs.
> But anyway, this is how Dave did it:
> He created an article in which he wanted to transclude
> "ProtectedArticle". But instead of  writing {{:ProtectedArticle}} he
> wrote {{ProtectedArticle}} and saved his article. Effectively, the
> article contained an unknown template (Template:ProtectedArticle) which
> was checked for access restrictions. As it has none, access was granted
> and my ACL-cache contained a positive value for "ProtectedArticle". Now
> Dave corrected the content of his article to {{:ProtectedArticle}} and
> saved again. My ACL-cache still said "ProtectedArticle" is fine and so
> it was finally completely transcluded. The bug was that the ACL-cache
> did not contain the full name of the protected object.
> "ProtectedArticle" and "Template:ProtectedArticle" were the same for the
> cache.
>
> Best
>  Thomas
>
>
>
> --
> Thomas Schweitzer
> Professional Services
> ontoprise GmbH - know how to use Know-how
> ---
> ontoprise is the general contractor for Vulcan's Semantic Wiki in Project Halo
> http://www.ontoprise.de/
> ---
> Amalienbadstraße 36 (Raumfabrik 29); 76227 Karlsruhe
> Tel.: +49 (0) 721 509 809 39; Fax: +49 (0) 721 509 809 11
> eMail: [email protected];  www: http://www.ontoprise.de
> Registered office: Amtsgericht Mannheim, HRB 9540
> Managing directors: Prof. Dr. Jürgen Angele, Dipl.Wi.-Ing. Hans-Peter Schnurr
>
>
>
> ------------------------------------------------------------------------------
> Enter the BlackBerry Developer Challenge
> This is your chance to win up to $100,000 in prizes! For a limited time,
> vendors submitting new applications to BlackBerry App World(TM) will have
> the opportunity to enter the BlackBerry Developer Challenge. See full prize
> details at: http://p.sf.net/sfu/Challenge
> _______________________________________________
> Semediawiki-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
>
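The cache-key mix-up Thomas describes can be replayed in a few lines. The following is an added toy model written for this thread, not the HaloACL or ontoprise code: a constructed wiki with one protected page and no `Template:ProtectedArticle`, an ACL cache whose key function is pluggable, and a minimal `{{...}}` expander that resolves `{{Foo}}` to the Template namespace and `{{:Foo}}` to the main namespace the way MediaWiki does. `buggy_key` drops the namespace (the original defect), `fixed_key` uses the full name; `run_scenario` performs Dave's two saves against each. All names, page contents and helpers are assumptions for the illustration.

```python
import re

# Constructed wiki state (not real data): one access-restricted page in the
# main namespace, and no page called Template:ProtectedArticle at all.
PAGES = {"ProtectedArticle": "TOP SECRET CONTENT"}
PROTECTED = {"ProtectedArticle"}  # full names of pages the reader may not see

TEMPLATE_RE = re.compile(r"\{\{(.*?)\}\}")


def resolve_transclusion(ref):
    """Map the inside of {{...}} to (namespace, title) like MediaWiki does:
    a leading ':' selects the main namespace, anything else the Template
    namespace. So {{ProtectedArticle}} and {{:ProtectedArticle}} name two
    different pages."""
    ref = ref.strip()
    if ref.startswith(":"):
        return "", ref[1:].strip()
    return "Template", ref


def full_name(namespace, title):
    return f"{namespace}:{title}" if namespace else title


class AclCache:
    """Caches 'may the reader see this page?' decisions. key_fn decides what
    identifies a page inside the cache; that choice is where the bug lives."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.entries = {}

    def check(self, namespace, title):
        key = self.key_fn(namespace, title)
        if key not in self.entries:
            # The real (uncached) decision: only listed pages are denied.
            self.entries[key] = full_name(namespace, title) not in PROTECTED
        return self.entries[key]


def render(wikitext, cache):
    """Expand every {{...}} in wikitext, consulting the ACL cache first."""

    def expand(match):
        ns, title = resolve_transclusion(match.group(1))
        if not cache.check(ns, title):
            return "[access denied]"
        name = full_name(ns, title)
        # A missing page renders as a red link instead of content.
        return PAGES.get(name, f"[[{name}]]")

    return TEMPLATE_RE.sub(expand, wikitext)


def buggy_key(namespace, title):
    return title  # namespace discarded: "ProtectedArticle" == "Template:ProtectedArticle"


def fixed_key(namespace, title):
    return full_name(namespace, title)  # namespace is part of the identity


def run_scenario(key_fn):
    """Replay the two saves from the thread against a cache built with key_fn
    and return what the second save renders for the reader."""
    cache = AclCache(key_fn)
    # Save 1: {{ProtectedArticle}} -> Template:ProtectedArticle. It is not
    # protected (it does not even exist), so the cache stores "allowed".
    render("{{ProtectedArticle}}", cache)
    # Save 2: {{:ProtectedArticle}} -> the real protected page.
    return render("{{:ProtectedArticle}}", cache)


if __name__ == "__main__":
    print("buggy cache key :", run_scenario(buggy_key))  # leaks the content
    print("fixed cache key :", run_scenario(fixed_key))  # [access denied]
```

The general lesson the model makes visible: a permission cache must be keyed by exactly the identity the permission check operates on (here namespace plus title). Any normalisation that happens between the check and the cache key creates two names for one entry, and the less-privileged name can then be used to warm the cache for the other.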
