Last modified: 2013-03-20 19:19:40 UTC
Hello, I'm here to report a security flaw at MediaWiki, this flaw(XSS) is a serious threat to users. How to reproduce the bug? I want to edit a section of a MediaWiki page, so I click the Edit link. I'll be redirected to a page like http://es.wikipedia.org/w/index.php?title=Jedi&action=edit§ion=28 Now, as the 'section' parameter is vulnerable to XSS, I will add HTML code, for example http://es.wikipedia.org/w/index.php?title=Jedi&action=edit§ion=28<h1>hello</h1> and it is shown in the response. Hope this bug will be solved to grant users' security.
I just get this error: Cannot find section You tried to edit a section that does not exist. It may have been moved or deleted while you were viewing the page.
Hi Rodrigo, thank you for the report! I see what you mean, that value is treated as wikitext when it's written into the error message. Fortunately, wikitext is a very strict about security, so there shouldn't be a way to inject any scripts through that vector, any more than you can add it directly into a wiki page. So I don't think this is exploitable. However, if you do find a way to exploit this, please let me know. That would be a much bigger problem.
Yes, I noticed that there's no way to exploit it, just could inject some HTML code. Thanks for the quick response!
I've checked with Chris and this is invalid, and I've moved it out of the security area. If you need to reopen please move it back.