Page MenuHomePhabricator
Create Task
Maniphest T7185

Spam blacklist trivially circumvented using HTML comments
Closed, ResolvedPublic
Actions

Description

Author: mapellegrini

Description:
It is trivially easy to circumvent the spam blacklist by using an HTML comment
in the URL.

Example:
http://en.wikipedia.org/w/index.php?title=Wikipedia/Stable&diff=42542934&oldid=38860953
(Kapitalism.net is on the spam blacklist).

Version: unspecified
Severity: major

Details

Reference
bz5185

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:07 PM
bzimport added a project: MediaWiki-Page-editing.
bzimport set Reference to bz5185.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Mar 6 2006, 11:40 PM
bzimport added a comment.Mar 9 2006, 6:33 AM

wiki.bugzilla wrote:

*** This bug has been marked as a duplicate of 4823 ***

brion added a comment.Mar 9 2006, 9:16 PM

De-duping this. These extensions don't share code and work differently,
so have to both be fixed separately.

bzimport added a comment.Apr 12 2006, 5:01 AM

robchur wrote:

Fixed in trunk, r13601.

bzimport added a comment.Apr 26 2006, 11:27 PM

mapellegrini wrote:

Example:
http://en.wikipedia.org/w/index.php?title=Talk:Wikitruth&diff=50327924&oldid=50318100

http:///www.foo.org (notice the three slashes) is also an effective work around.

bzimport added a comment.Apr 28 2006, 11:18 PM

robchur wrote:

Second exploit should now be fixed in trunk, r13912.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL