At what level can this be exploited?
From the wiki interface?
Or from MySQL?
What if there is a firewall in front of MySQL?
-----Original Message-----
From: mediawiki-l-bounces(a)Wikimedia.org
[mailto:mediawiki-l-bounces@Wikimedia.org]On Behalf Of Brion Vibber
Sent: Monday, December 19, 2005 7:14 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] How do I change the default skin for users that are both logged in as well as not logged in?
Alistair Johnson wrote:
Here's a script we use to copy preferences from one user to all users for MW 1.4.x. YMMV.
[snip]
This snippet appears to be vulnerable to SQL injection attacks. A cleverly
written signature or other option on the model row could probably be used to
overwrite everyone else's passwords or such.
-- brion vibber (brion @ pobox.com)
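
The failure mode Brion describes, shown as an added example that is not part of the thread and is not Alistair's snipped script: a stored option value copied into an UPDATE by string concatenation, next to the same copy done with a bound parameter. SQLite stands in for MySQL here, the `user_options` and `user_password` column names are assumed from MediaWiki's `user` table, and all rows and values are constructed.

```python
import sqlite3

# Constructed value for the model row's options: the quote inside it ends the
# SQL string literal early when the value is pasted into a statement.
CONSTRUCTED_OPTIONS = "skin=monobook\nnickname=x', user_password = 'constructed"

def make_db(options):
    """In-memory stand-in for the wiki's user table (column names assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT,"
               " user_password TEXT, user_options TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", [
        (1, "Model", "hash-model", options),        # row whose options get copied
        (2, "Alice", "hash-alice", "skin=classic"),
        (3, "Bob", "hash-bob", "skin=classic"),
    ])
    return db

def read_model_options(db):
    return db.execute(
        "SELECT user_options FROM user WHERE user_id = 1").fetchone()[0]

def copy_concat(db):
    """Unsafe pattern: the stored value becomes part of the SQL text."""
    sql = ("UPDATE user SET user_options = '" + read_model_options(db)
           + "' WHERE user_id <> 1")
    db.execute(sql)

def copy_bound(db):
    """Safe pattern: the stored value is bound as data and never parsed as SQL."""
    db.execute("UPDATE user SET user_options = ? WHERE user_id <> 1",
               (read_model_options(db),))

def other_users(db):
    """Return {name: (password, options)} for every row except the model."""
    rows = db.execute("SELECT user_name, user_password, user_options"
                      " FROM user WHERE user_id <> 1")
    return {name: (pw, opts) for name, pw, opts in rows}

if __name__ == "__main__":
    for copy in (copy_concat, copy_bound):
        db = make_db(CONSTRUCTED_OPTIONS)
        copy(db)
        print(copy.__name__, other_users(db))
```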