User:MZMcBride/Attacks

{{#ifeq:{μ|μ|}}

So, you've got your hands on an admin account through password sniffing or sockpuppets or whatever, and now you're ready to do some harm. Here are some of your possible options.

Delete the Main Page
The English Wikipedia's Main Page has some special types of protection on it that make it more difficult, but not impossible to delete it. The first protection is that the page has no "delete" tab (it's hidden with CSS), so you'll have to manually create the URL (protip: [ click here]). The second protection is that there is a PHP hack in place that makes whichever page is defined in MediaWiki:Mainpage. So you'll need to change that page first. Once MediaWiki:Mainpage is changed, you should be able to delete the Main Page. If something like 'bigdelete' stops you (that checks for pages over 5,000 revisions), try moving the page first and then deleting it. That usually works.

Exploit the MediaWiki namespace
One of the easier exploits involves a MediaWiki vulnerability. Namely that some MediaWiki messages still allow injection of raw HTML. MediaWiki:Copyright is used on almost every page and (still) allows for raw HTML injection. It also has the advantage of not being cached (as heavily) as the site-wide JS and CSS pages. And it's not as well watched. There are likely other MediaWiki pages that can be exploited similarly, but they're probably not used as much as the copyright notice is.