https://bugzilla.wikimedia.org/show_bug.cgi?id=35731
Web browser: ---
Bug #: 35731
Summary: XSS Attack embedded in web based initial setup
Product: MediaWiki
Version: 1.18.2
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: Unprioritized
Component: Installation
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
Created attachment 10383
--> https://bugzilla.wikimedia.org/attachment.cgi?id=10383
The form as I saw it
Replicated four times on completely fresh servers with source grabbed from
mediawiki.org.
Using the web-based setup to generate the initial LocalSettings.php for the
first time causes a phishing popup to appear using Amazon CSS, images, and
scripts.
I've attached a screenshot and if requested can attach the source I have
visible. The page imports an iframe for the form that refers to a page only
visible from the client that spawned the popup, in my case:
http://ec2-75-101-235-219.compute-1.amazonaws.com:8000/qwopumeuvqopmgutpcypsvjcyzqklwmp.php
It will only spawn the first time someone attempts to view the GUI, after which
it behaves perfectly.
I've repeatedly scanned my computer to ensure that it wasn't locally based
malware, and the behavior only appears with the circumstances I described.
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
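A check a triager would run on the saved source of the installer page described above, added here as an example and not part of the bug report or of MediaWiki: list every iframe, script, stylesheet, image and form target whose host differs from the wiki's own, so an injected third-party frame stands out. The sample HTML is constructed for the example (only the injected hostname and path are the ones quoted in the report), and `wiki.example.org` is an assumed own hostname.

```python
"""Flag off-origin iframe/script/link/img/form sources in a captured HTML page.

Added triage example, not MediaWiki code. The sample page below is
constructed; the injected iframe URL is the one quoted in the bug report,
and "wiki.example.org" stands in for the wiki's own hostname.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute that carries the remote reference for each tag of interest.
SRC_ATTR = {
    "iframe": "src",
    "script": "src",
    "img": "src",
    "link": "href",
    "form": "action",
}


class EmbedCollector(HTMLParser):
    """Collects (tag, url) pairs for every tag that loads from or posts to a URL."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        attr = SRC_ATTR.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.embeds.append((tag, value))


def foreign_embeds(html, own_host):
    """Return the (tag, url) pairs whose host is not own_host.

    Relative URLs (no host component) count as same-origin and are skipped.
    Scheme-relative URLs (//host/path) are resolved to their host, so a
    protocol-relative include of a third party is still reported.
    """
    parser = EmbedCollector()
    parser.feed(html)
    foreign = []
    for tag, url in parser.embeds:
        host = urlparse(url).hostname  # already lower-cased by urlparse
        if host and host != own_host.lower():
            foreign.append((tag, url))
    return foreign


# Constructed sample: a local installer page with one injected iframe.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/mw-config/css/install.css">
<script src="/resources/jquery/jquery.js"></script>
</head><body>
<form action="/mw-config/index.php" method="post">
<iframe src="http://ec2-75-101-235-219.compute-1.amazonaws.com:8000/qwopumeuvqopmgutpcypsvjcyzqklwmp.php"></iframe>
</form>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in foreign_embeds(SAMPLE_HTML, "wiki.example.org"):
        print(f"off-origin {tag}: {url}")
```

Run it against a page saved with "view source" (or fetched with curl) from the affected installer; on a clean install the list should be empty, and anything it prints is a candidate for the injected frame the reporter describes. Comparing the tarball's checksum against the one published on mediawiki.org is the complementary check for whether the injection came from the downloaded source.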