Awesome MediaWiki Bug

Cosmo Catalano July 23rd, 2009

Poor, lonely <font>. You were irritating to use, and so you were kicked out of the treehouse in favor of stylesheets by HTML 4.01. But cheer up <font>; you can still be extremely annoying! Just try a Wikipedia vanity search, with a few of your pedantic modifiers thrown in for good measure—let’s use <font face=cursive size=50>:

[Screenshot: wiki_bug_sm]

Not only that, <font>, but your old and even more annoying buddy <table> is back in the game, too. And when you two team up, there’s almost no limit to the amount of carnage you can create:

[Screenshot: hi_jeff_sm]

This works across browsers, though there are obvious differences in how they render the horribly mangled code these queries will produce. It’s the best lesson in input sanitization since Little Bobby Tables.
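The root cause is a search string copied into the results page without escaping. The Python sketch below is an added example, not MediaWiki's code or anything from the original post; the page template, function names and sample title are assumptions. It contrasts raw interpolation with escaping at output time and uses an HTML parser to check which tags actually reach the page.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the search string from the post plus one matching title.
QUERY = "Cosmo Catalano <font face=cursive size=50>"
TITLES = ["Cosmo Catalano"]

# Hypothetical results-page template (not MediaWiki's markup).
PAGE = "<html><body><h1>Search</h1><p>Results for: {q}</p><ul>{items}</ul></body></html>"


def render_vulnerable(query, titles):
    # Raw interpolation: markup in the query becomes markup in the page.
    items = "".join(f"<li>{t}</li>" for t in titles)
    return PAGE.format(q=query, items=items)


def render_escaped(query, titles):
    # Escape at output time, for the HTML text context the value lands in.
    items = "".join(f"<li>{html.escape(t)}</li>" for t in titles)
    return PAGE.format(q=html.escape(query, quote=True), items=items)


class TagCollector(HTMLParser):
    """Records every start tag the parser sees, with its attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def injected_tags(page, allowed=("html", "body", "h1", "p", "ul", "li")):
    """Return start tags in the page that the template itself never emits."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [(t, a) for t, a in collector.tags if t not in allowed]


if __name__ == "__main__":
    print("raw:    ", injected_tags(render_vulnerable(QUERY, TITLES)))
    print("escaped:", injected_tags(render_escaped(QUERY, TITLES)))
```

The same `injected_tags` check works as a regression test: feed a rendered page built from a query containing markup and fail the build if the list is not empty.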

If you’re good, you can theoretically perpetrate some serious mayhem with this bug—and considering how widely MediaWiki is used around the web, that could be a real problem.

In reality, though, the trickery is probably limited by the ability of your dirty, dirty inputs to generate search results; without those, it looks like most of your code modifications get cancelled.

That having been said, I endorse using this exploit only for your own personal amusement, not serious destruction. You have been warned.

