
Unidentified Security Exploit
Closed, Declined (Public)

Description

Author: tailorcat88

Description:
I don't know the specific details of this exploit, but I figured it should be brought to your attention anyway.

For the last 3 months, someone has been defacing various wikis, calling himself the "Zodiac Killer". The exploit temporarily defaces the wiki layout/css, and returns to normal when the user changes their IP.
I'm thinking this could be used to implement more malicious attacks in the future.


Here are some images and witness accounts of its execution:

http://img402.imageshack.us/img402/5889/wtfxz7.jpg <-- saw this a few hours ago
http://img232.imageshack.us/img232/479/1225444299361ug4.png
http://www.flickr.com/photos/nolageek2/2688153788
http://answers.yahoo.com/question/index?qid=20080815163025AApQ56T
http://answers.yahoo.com/question/index?qid=20080719210625AAF3Zy5
http://www.websitetoolbox.com/tool/post/denniskaufman/vpost?id=2953615 <-- person of interest?

Here are two of the decrypted strings he used in his messages:

"This is the Zodiac speaking. Since you are doing nothing about me, I want you to put little Zodiac boxes everywhere to show that you recognize my reign. It's your choice, if you don't maybe I will just work extra hard and spread my message accross other wikis and websites, hopping from one to another."

"VANDALIZING WIKIPEDIA IS SO FUN IT IS FUNNER THAN KILLING PEOPLE OR HAVING SEX BECAUSE WHEN YOU KILL PEOPLE YOU ONLY DESTROY THEIR BODY S BUT WHEN YOU VANDALIZE THIS WEBSITE YOU KILL THE SOUL OF THE POOR QUEER PIG SLAVES THAT DEVOTE THEIR LIVES TO THE EMBARKMENT THAT I AM NOW DESTROYING WITH MY OWN BARE HANDS"

This isn't just about vandalizing Wikipedia though, it's a hole in the MediaWiki software which should probably be looked into.

Again, sorry for the limited info... I just thought you should know.

-Mk


Version: unspecified
Severity: normal

Details

Reference
bz16202

Event Timeline

bzimport raised the priority of this task from to Medium. (Nov 21 2014, 10:19 PM)
bzimport set Reference to bz16202.
bzimport added a subscriber: Unknown Object (MLST).