Summerschool Aachen 2004/Hacking the Web Lab
The mediawiki vulnerability
Sourceforge still has the source code for all previous versions of mediawiki available, including the 1.3.0 beta versions. I downloaded beta4 and the final 1.3.0 version and did a diff -uNr, resulting in ~20000 lines (reduced to ~16000 when whitespace-only changes are ignored). The most noticeable changes include:
- additional addslashes calls in several places
- addslashes is replaced by a new function, escapePhpString, in some places
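As an added example (not part of the original lab notes, and not MediaWiki's code), the shell script below reproduces the diff workflow described above on two constructed miniature source trees standing in for the beta4 and 1.3.0 releases: it counts the unified-diff lines with and without whitespace-only changes (diff's -w), and then counts added lines that introduce an addslashes() call, which is the kind of hunk that points at an escaping fix. The PHP file contents and the function name lookupTitle are constructed for illustration only.

```shell
#!/bin/sh
# Added example: locate escaping-related changes between two release trees.
# The two trees and their PHP contents are constructed here; they are not
# MediaWiki code and the function lookupTitle is hypothetical.

set -eu

# Create "$1/old" and "$1/new", a before/after pair for one PHP file.
make_trees() {
  mkdir -p "$1/old/includes" "$1/new/includes"
  cat > "$1/old/includes/Query.php" <<'EOF'
<?php
function lookupTitle( $title ) {
    $sql = "SELECT cur_id FROM cur WHERE cur_title='" . $title . "'";
    return $sql;
}
EOF
  # The "new" release escapes the user-supplied value before building the
  # query. The extra spaces in the return line are a whitespace-only change,
  # included to show what diff -w drops from the count.
  cat > "$1/new/includes/Query.php" <<'EOF'
<?php
function lookupTitle( $title ) {
    $etitle = addslashes( $title );
    $sql = "SELECT cur_id FROM cur WHERE cur_title='" . $etitle . "'";
    return   $sql;
}
EOF
}

# Number of lines in the recursive unified diff of $1 and $2.
# Pass "nows" as $3 to ignore whitespace-only changes (diff -w).
diff_line_count() {
  if [ "${3:-}" = "nows" ]; then
    diff -uNrw "$1" "$2" | wc -l | tr -d ' '
  else
    diff -uNr "$1" "$2" | wc -l | tr -d ' '
  fi
}

# Count added lines (leading '+', but not the '+++' file header) that
# introduce an addslashes() call: candidates for a security-relevant fix.
count_added_addslashes() {
  diff -uNrw "$1" "$2" | grep -c '^+[^+].*addslashes' || true
}

work=$(mktemp -d)
make_trees "$work"
echo "diff lines (all changes):        $(diff_line_count "$work/old" "$work/new")"
echo "diff lines (whitespace ignored): $(diff_line_count "$work/old" "$work/new" nows)"
echo "added addslashes() calls:        $(count_added_addslashes "$work/old" "$work/new")"
rm -rf "$work"
```

On the real trees the same grep pattern, applied to the -w diff, is the quickest way to list every hunk that adds escaping; reviewing those hunks tells you which inputs the release started treating as untrusted.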
Real World XSS exploits
If you are interested in finding more vulnerable webpages, searching for "Widdecombe of the Week" or "Widdy" in the NTK newsletter should turn up plenty.