FINDING ID: iSEC-WMF1214-7
TARGETS: The following pages:
functionality of the system. This code is stored as a wiki page, and is visible to any user of the system.
that user. While the contents of this script are not part of the main indexed website, another user
changes the username in one of the above URLs to view the victim's custom code, learning information
that may be used to identify the owner of the custom code.
SHORT TERM SOLUTION: Treat custom scripts the same as other user preferences by disallowing users
from examining these customizations unless they are associated with the logged-in account.
this functionality and allowing users to customize the site using client-side code instead.
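
The short-term solution above amounts to an owner-only read check on custom script pages. The sketch below is an added illustration, not code from the report or from the audited system; the `User:<owner>/<file>.js|.css` title layout, the username normalization rules, and all function names are assumptions.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Assumed title layout (not given on the page): "User:<owner>/<file>.js|.css".
_SCRIPT_TITLE = re.compile(r"^user:(?P<owner>[^/]+)/.+\.(?:js|css)$", re.IGNORECASE)


def normalize_username(name: str) -> str:
    """Canonicalize so 'alice_Smith' and 'Alice Smith' compare equal."""
    name = " ".join(name.replace("_", " ").split())
    return name[:1].upper() + name[1:]


def script_owner(raw_title: str) -> Optional[str]:
    """Return the owning username if the title is a custom script page."""
    # Decode first so an encoded slash cannot slip past the pattern.
    title = unquote(raw_title).replace("_", " ").strip()
    match = _SCRIPT_TITLE.match(title)
    return normalize_username(match.group("owner")) if match else None


def may_view(raw_title: str, viewer: Optional[str]) -> bool:
    """Owner-only read check; viewer is None for anonymous requests."""
    owner = script_owner(raw_title)
    if owner is None:
        return True   # not a custom script page: normal read rules apply
    if viewer is None:
        return False  # anonymous users never own a script page
    return normalize_username(viewer) == owner


# Constructed sample requests: (requested title, logged-in user or None).
SAMPLE_REQUESTS = [
    ("User:Alice/common.js", "Alice"),
    ("User:Alice/common.js", "Bob"),
    ("User:Alice_Smith/vector.css", "alice_Smith"),
    ("user:Alice%2Fcommon.js", "Bob"),
    ("User:Alice/common.js", None),
    ("User:Alice/Notes", "Bob"),
]


def decisions():
    return [may_view(title, user) for title, user in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (title, user), allowed in zip(SAMPLE_REQUESTS, decisions()):
        print(f"{'ALLOW' if allowed else 'DENY':5} viewer={user!r:14} title={title}")
```

The check compares the session's account against the owner parsed from the requested title, so changing the username in the URL no longer returns another user's script.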