Web browser: ---
            Bug ID: 60601
           Summary: Authentication Bypass / Data Enumeration
           Product: MediaWiki
           Version: unspecified
          Hardware: Other
                OS: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Unprioritized
         Component: General/Unknown
    Classification: Unclassified
   Mobile Platform: ---

Using Mediawiki’s own wiki (in which they provide various info on parameters
that can be passed to ‘index.php’) I was able to discover a potential flaw on
the version 1.3.11.  By using a combination of parameters (‘diff’ & ‘oldid’),
which should only allow access to data when authenticated, you can enumerate
data out of the database – I guess this would be considered an authentication
bypass of sorts.  So far it gives up user and certain database information, as
well as the contents of “protected” documents that have been uploaded.


By numerically fuzzing the 'diff' parameter, the application returns various
information, including protected documents, database type, group users.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to