Anthony wrote:
> It does not involve generating hash collisions, but it involves
> finding various bugs in mediawiki and using them to vandalise, often
> by injecting javascript. The best description I could find was at
> Encyclopedia Dramatica, which seems to be taken down (there's a cache
> if you do a google search for "grawp wikipedia"). There's also a
> description at http://en.wikipedia.org/wiki/User:Grawp , which does
> not do justice to the "mad hacker skillz" of this individual and his
> intent on finding bugs in mediawiki and exploiting them.
>
Say what? Being able to inject js is a very serious vulnerability. If he's doing this, why haven't I seen any security releases triggered by a vandal finding an XSS? Has no one reported it? The pages you link to seem to indicate he's nothing more than a willy-on-wheels type vandal, who at worst tricked an admin into doing a delete of a page with a very high number of revisions, making the server kittens cry for a moment. There's no indication he has "mad hacker skillz" in any way or form (and given the tone of that Encyclopedia Dramatica page, I assume they'd be bragging about it if he did).

-bawolff
