Wikipedia Security Hole Plugged

Stefan Esser has posted on the PHP Security Blog about a XSS vulnerability he found on the Wikipedia site that was caused by the page not having a charset in it’s content-type header.

Unfortunately several browsers can be tricked to assume UTF-7 as charset when no charset header is given by the server or from within the HTML. Because the UTF-7 encoding uses only characters usually considered safe for HTML output user input is usually not correctly escaped when it gets printed which results in Cross Site Scripting vulnerabilities

He goes on to say that the Wikipedia guys had the vulnerability fixed in less then 3 hours and that a similar problem with the ViewVC CVS/SVN viewer was disclosed by him today in a new Hardened-PHP Project advisory.

lig