Author: timwi
Description:
BUG MIGRATED FROM SOURCEFORGE
http://sourceforge.net/tracker/index.php?func=detail&aid=842921&group_id=34373&atid=411192
Originally submitted by Brion Vibber (vibber) 2003-11-16 00:29
Most form-handling code in the wiki doesn't actually check
whether its stuff came via a GET or POST request. For the
most part this isn't a big deal, but for admin actions that
have confirmation screens, it's probably not a good idea.
It's possible for instance to craft a URL that will delete a
page or ban an IP address and trick a sysop into loading it
(possibly disguised as an inline image, hidden iframe or
other secondary URL) and performing the action.
It's more difficult to fake a POST request, although still
possible; checking the referrer header to avoid constructed
forms on other sites (potentially autosubmitted via
javascript) might be a step to counter this.
Version: unspecified
Severity: normal
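The two checks the report proposes (refuse state-changing actions that arrive via GET, and compare the referrer host against the wiki's own host on POSTs), as an added example in Python. This is not MediaWiki code; the action names, the wiki host and the sample requests are constructed for illustration.

```python
"""Added example (not MediaWiki code): reject state-changing wiki actions
that arrive as GET requests, and check that POSTs carry a same-site
referrer, as the report suggests.  Action names and URLs are constructed."""
from urllib.parse import parse_qs, urlsplit

# Hypothetical list of actions that change state and need protection.
STATE_CHANGING_ACTIONS = {"delete", "block", "protect", "rollback"}


def requested_action(url):
    """Extract the ?action= parameter; a missing one is treated as 'view'."""
    query = parse_qs(urlsplit(url).query)
    return query.get("action", ["view"])[0]


def check_request(method, url, headers, site_host):
    """Decide whether a request may perform its action.

    Returns (allowed, reason).  headers is a plain dict; lookup is
    case-insensitive because HTTP header names are.
    """
    action = requested_action(url)
    if action not in STATE_CHANGING_ACTIONS:
        return True, "read-only action"

    # An <img> or hidden <iframe> can only issue GET requests, so refusing
    # anything but POST for these actions closes the case in the report.
    if method.upper() != "POST":
        return False, "state-changing action must be POSTed"

    # A POST can still come from an auto-submitted form on another site,
    # which is why the report proposes checking the referrer header.
    lowered = {k.lower(): v for k, v in headers.items()}
    referer = lowered.get("referer")
    if not referer:
        return False, "missing referrer"
    origin_host = urlsplit(referer).hostname
    if origin_host is None or origin_host.lower() != site_host.lower():
        return False, "referrer host %r is not %r" % (origin_host, site_host)
    return True, "ok"


# Constructed sample traffic against a hypothetical wiki host.
SITE = "wiki.example.org"
SAMPLES = [
    # GET to delete, e.g. triggered by an <img src=...> on another page.
    ("GET", "http://wiki.example.org/index.php?title=Foo&action=delete&confirm=1",
     {"Referer": "http://wiki.example.org/index.php?title=Foo"}),
    # POST from a form hosted on another site.
    ("POST", "http://wiki.example.org/index.php?title=Foo&action=delete",
     {"Referer": "http://evil.example.net/trap.html"}),
    # POST with the referrer stripped (privacy proxy or browser setting).
    ("POST", "http://wiki.example.org/index.php?title=Foo&action=delete", {}),
    # Legitimate POST from the wiki's own confirmation form.
    ("POST", "http://wiki.example.org/index.php?title=Foo&action=delete",
     {"referer": "http://wiki.example.org/index.php?title=Foo&action=delete"}),
    # Ordinary page view over GET.
    ("GET", "http://wiki.example.org/index.php?title=Foo", {}),
]


def evaluate_samples():
    """Run every sample through check_request; returns a list of bools."""
    return [check_request(m, u, h, SITE)[0] for m, u, h in SAMPLES]


if __name__ == "__main__":
    for (method, url, headers), allowed in zip(SAMPLES, evaluate_samples()):
        print(method, requested_action(url), "->",
              "allowed" if allowed else "rejected")
```

The third sample shows the cost of the referrer check the report itself calls only "a step": browsers and proxies that strip the header will see legitimate confirmations rejected, so a deployment has to decide whether a missing referrer is treated as hostile. The method check alone is what defeats the inline-image and hidden-iframe cases the report describes.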