https://bugzilla.wikimedia.org/show_bug.cgi?id=60601

       Web browser: ---
            Bug ID: 60601
           Summary: Authentication Bypass / Data Enumeration
           Product: MediaWiki
           Version: unspecified
          Hardware: Other
                OS: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Unprioritized
         Component: General/Unknown
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: blkn3t2s...@gmail.com
    Classification: Unclassified
   Mobile Platform: ---

Using MediaWiki’s own wiki (in which they provide various info on parameters
that can be passed to ‘index.php’) I was able to discover a potential flaw in
version 1.3.11.  By using a combination of parameters (‘diff’ & ‘oldid’),
which should only allow access to data when authenticated, you can enumerate
data out of the database – I guess this would be considered an authentication
bypass of sorts.  So far it gives up user and certain database information, as
well as the contents of “protected” documents that have been uploaded.

index.php?title=Main_Page&diff=1811&oldid=1

By numerically fuzzing the 'diff' parameter, the application returns various
information, including protected documents, database type, group users.

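A defender-side check for the request pattern described in the report above, as an added example that is not part of the original bug report or of MediaWiki: it scans web access logs for a single client requesting many distinct numeric 'diff' values together with 'oldid' on index.php. The log lines, the combined-log-format regex, the function names and the threshold of 5 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined log format); not real traffic.
# One client walks consecutive 'diff' values, another views a single diff.
SAMPLE_LOG = "\n".join(
    [
        f'203.0.113.7 - - [01/Feb/2014:10:00:{i:02d} +0000] '
        f'"GET /index.php?title=Main_Page&diff={1811 + i}&oldid=1 HTTP/1.1" 200 5120'
        for i in range(6)
    ]
    + [
        '198.51.100.20 - - [01/Feb/2014:10:01:00 +0000] '
        '"GET /index.php?title=Main_Page&diff=42&oldid=41 HTTP/1.1" 200 4096',
        '198.51.100.20 - - [01/Feb/2014:10:01:05 +0000] '
        '"GET /index.php?title=Main_Page HTTP/1.1" 200 9000',
        'not a log line',
    ]
)

# Client address, request target and status from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')


def diff_ids_by_client(log_text):
    """Map client -> set of distinct numeric 'diff' values sent with 'oldid'."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        params = parse_qs(url.query)
        if "oldid" not in params:
            continue
        for value in params.get("diff", []):
            if value.isdigit():  # non-numeric values (e.g. prev/next) are ignored
                seen[client].add(int(value))
    return seen


def flag_enumeration(log_text, min_distinct=5):
    """Clients that requested at least min_distinct different diff IDs."""
    hits = diff_ids_by_client(log_text)
    return {c: sorted(ids) for c, ids in hits.items() if len(ids) >= min_distinct}
```

The threshold should be tuned against normal editor behaviour on the wiki in question, since legitimate users also browse diffs.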