Wikipedia -or should I say Tim Starling- thinks that file disclosure is a good thing, and that cross-site scripting and SQL injection through it is only "script kiddie" stuff. I'm actually honored to be called this, because it is not only the first time, but apparently they do listen to me, because one hole I disclosed is -more or less- fixed. So what's up with that, Wikipedia? A sudden change of heart? What happened?

- I posted a blog item saying Wikipedia has files scattered around.
- Wikipedia responds on their mailing list stating that it is script kiddie stuff.
- I post an XSS & SQL injection vulnerability back on my blog.
- Then silently they patch the hole, without giving any credit, like nothing happened.

Never underestimate the script kiddie is my motto. Because you never know what they'll do next.
Yay for Wikipedia.
By secgeeks - Posted on June 17th, 2007
















