Topic on Project:Support desk

openbugbounty.org says there is an XSS vulnerability

Stefahn (talk | contribs)

https://www.openbugbounty.org/ says that a certain wiki has an XSS vulnerability.

The URL that is supposed to be vulnerable is domain.com/mediawiki/index.php?search=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E&button=&title=Spezial%3ASuche

Can this be true? Does someone have experience with openbugbounty.org?

Versions of the wiki: MediaWiki 1.27.4, PHP 7.1.9 (fpm-fcgi), MySQL 5.7.19-17

Malyacko (talk | contribs)

You could find out by testing on the "certain wiki"?

2001:16B8:102B:9F00:C0E2:3668:B636:A0C2 (talk | contribs)

First, security issues should be reported privately through the according channels. An unresolved issue should not be posted publicly. Please keep that in mind.

I have tested the code you posted with MW 1.30 and unless your code is broken, the code does not produce according output. All it does is return the search page with the search string.

Also I could not find a report about this on openbugbounty.org.

Stefahn (talk | contribs)

Exactly, I didn't tell the domain on purpose.

Could you test the code on a MW 1.27 install too?

I have tested the code on my wiki too, but it also showed the search page with a search string. How would I know when there is "according output"? (I'm new to XSS stuff)

2001:16B8:102B:9F00:C088:69E4:FAB9:D09C (talk | contribs)

The code, if not sanitized properly, contains an svg file and in that file it contains an onload command with an alert message with the word "openbugbounty". This message did not show up in my test.

For MediaWiki 1.27.0 the result was the same.

If you know a domain name, you can just check it yourself...

Is there a page on the issue at openbugbounty.org?
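One way to check offline what "according output" would look like, as an added example that is not part of any post in this thread: it decodes the `search` value from the URL quoted above and classifies how a saved response body echoes it. The function names and the two response bodies are constructed for illustration, not taken from any wiki.

```python
import html
from urllib.parse import urlsplit, parse_qs

# URL exactly as quoted in the thread; "domain.com" is the poster's placeholder.
REPORTED_URL = (
    "domain.com/mediawiki/index.php?search=%22%2F%3E%27%3E%22%3EI%3Ci%3EI"
    "%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E&button=&title=Spezial%3ASuche"
)

def decoded_search(url):
    """Return the percent-decoded value of the 'search' query parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["search"][0]

def classify_reflection(body, payload):
    """Say how a response body echoes the payload.

    unescaped          raw markup is in the page; a browser would parse the <svg> tag
    escaped            <, >, & and both quote characters are entities (inert text)
    escaped-text-only  <, >, & are entities but quotes are raw: inert as element
                       text, not safe inside a quoted attribute value
    absent             the payload is not echoed at all
    """
    if payload in body:
        return "unescaped"
    full = html.escape(payload, quote=True)  # Python writes ' as &#x27;
    if full in body or full.replace("&#x27;", "&#039;") in body:  # PHP-style &#039;
        return "escaped"
    if html.escape(payload, quote=False) in body:
        return "escaped-text-only"
    return "absent"

PAYLOAD = decoded_search(REPORTED_URL)

# Constructed response bodies (hypothetical, not captured from a real wiki).
SAFE_BODY = '<input name="search" value="%s">' % (
    html.escape(PAYLOAD, quote=True).replace("&#x27;", "&#039;"))
UNSAFE_BODY = '<input name="search" value="%s">' % PAYLOAD

if __name__ == "__main__":
    print("decoded search value:", PAYLOAD)
    for name, body in (("safe", SAFE_BODY), ("unsafe", UNSAFE_BODY)):
        print(name, "->", classify_reflection(body, PAYLOAD))
```

To use it on your own wiki, save the HTML source of the search result page and pass its text as `body`; checking the page source this way does not depend on whether an alert box happens to appear in a given browser.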
