Invalid argument: Type H: illegal hex digit in Model/UUID
Closed, ResolvedPublic
Actions

Description

Spotted in production:

1 Warning: Invalid argument: Type H: illegal hex digit y in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit t in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit r in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit p in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit l in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit / in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412
1 Warning: Invalid argument: Type H: illegal hex digit g in /srv/mediawiki/php-1.25wmf19/extensions/Flow/includes/Model/UUID.php on line 412

Related Objects

Mentioned In: rMEXT1395d4822ec9: Updated mediawiki/extensions Project: mediawiki/extensions/Flow…
rEFLWbbf402202613: Validate input as hex string

Event Timeline

demon created this task.Mar 5 2015, 3:33 PM

demon updated the task description. (Show Details)

demon raised the priority of this task from to Needs Triage.

demon added projects: StructuredDiscussions, Wikimedia-production-error.

demon added a subscriber: demon.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 5 2015, 3:33 PM

I wonder if there is any way we can get stack traces output with warnings, without them i'm rather unsure what exactly happened here.

We should see if these can be caught by a user-defined error handler.

EBernhardson triaged this task as Normal priority.Mar 5 2015, 6:49 PM

Change 194566 had a related patch set uploaded (by EBernhardson):
Validate input as hex string

https://gerrit.wikimedia.org/r/194566

gerritbot added a project: Patch-For-Review.Mar 5 2015, 6:59 PM

The submitted patch might solve this problem (at least you can trigger it through that code path), but not 100% sure this was same source without a stack trace

Change 194566 merged by jenkins-bot:
Validate input as hex string

https://gerrit.wikimedia.org/r/194566

• Mattflaschen-WMF mentioned this in rEFLWbbf402202613: Validate input as hex string.Mar 9 2015, 4:10 AM

Now that's merged, let's close and re-open if it comes up again.

Diffusion mentioned this in rMEXT1395d4822ec9: Updated mediawiki/extensions Project: mediawiki/extensions/Flow….Mar 11 2015, 6:28 AM

demon moved this task from Untriaged to Resolved on the Wikimedia-production-error board.Jun 12 2015, 6:35 PM

Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptJun 12 2015, 6:35 PM

DannyH moved this task from Untriaged to Resolved on the Collaboration-Team-Triage board.Jun 15 2015, 11:31 PM

Hi,

I'm NOT reporting bug ,but I would like to share some info that we found. It seems that the filter work as expected. The extension might need some improvement to handle even further advanced xss attack.

Using MW 1.31.1.

We found some error message like:
PHP Warning: pack(): Type H: illegal hex digit I in /w/extensions/FlowThread/includes/UUID.php on line 52

By combining them we got following: (" mark converted)

"+rspons.writ(*)+"rspons.writ(*)'+rspons.writ(*)+'"+rspons.writ(*)+"VliPostIVliPostIVliPostIYPrgUjNRiX$(nslookupns..\.-...\.xss.m)&amp;nslookupns..\.-...\.xss.m&amp;'\"`&amp;nslookupns..\.-...\.xss.m&amp;`'&amp;nslookupns..\.-...\.xss.m&amp;'\"`&amp;nslookupns..\.-...\.xss.m&amp;`'VliPostIVliPostI:.-...@xss.m-OR+--=+++VliPostI-'OR+--=+++or'JhNQqlT'='i(now()=syst(),slp(),)/*'XOR(i(now()=syst(),slp(),))OR'"XOR(i(now()=syst(),slp(),))OR"*/jswY');sltpg_slp();--'"\'\");VliPostIVliPostI-OR+--=+++--VliPostI-'OR+--=+++or'rzUphH'='-"OR+--=+++---"OR*&gt;(++-)--witorly'::'--${+}VliPostIVliPostIhttp://som-inxistnt-wsit.u/som_inxistnt_il_with_long_nm?.jpg../../../../../../../../../../t/psswVliPostIhttp://tstsp.vulnw.om/t/it.txt?.jpg.\\./.\\./.\\./.\\./.\\./.\\./t/psswHttp://tstsp.vulnw.om/t/it.txt/t/psswhttp://tstsp.vulnw.om/t/it.txt?.jpg../..//../..//../..//../..//../..//../..//../..//../..//t/psswQmiZQVJoVliPostI&amp;n=v../../../../../../../../../../winows/win.ini/.\\./.\\./.\\./.\\./.\\./.\\./winows/win.iniVliPostIW-IN\w.xmlVliPostIVliPostI..%..%..%..%..%..%..%..%..%..%t%pssw%.jpg/t/psswhttp://tstsp.vulnw.om/t/xss.html?%.jpg';print(m(untix_wvs_surity_tst));$='%t%psswVliPostI';print(m(untix_wvs_surity_tst));$='il:///t/pssw";print(m(untix_wvs_surity_tst));$="http://hitjzyMzr.xss.m/pi.php/.${@print(m(untix_wvs_surity_tst))}\../../../../../../../../../../winows/win.iniVliPostIVliPostIVliPostIVliPostIVliPostI/.\\./.\\./.\\./.\\./.\\./.\\./winows/win.ini../..//../..//../..//../..//../..//../..//../..//../..//winows/win.ini../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././winows/win.ini)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))VliPostIVliPostI'"//www.vulnw.omVliPostI/\www.vulnw.omVliPostI���������%%/www.vulnw.om''""VliPostIVliPostI'"VliPostI'"VliPostIVliPostI'"()&amp;%&lt;x&gt;&lt;SRiPt&gt;k()&lt;/SRiPt&gt;VliPostI{{*}}ux���z���z���xuVliPostI"sTYL='u:xpr/**/SSion(k())'="VliPostI&lt;sript&gt;k()&lt;/sript&gt;VliPostI&lt;SRiPt&gt;k()&lt;/SRiPt&gt;VliPostI&lt;isinxtyp=imgsr=onrror=k()&gt;VliPostI&lt;img/sr="&gt;"onrror=lrt()&gt;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%VliPostI&lt;inpututoousonous=k()&gt;VliPostI&lt;img&lt;!----&gt;sr=xonrror=lrt();//&gt;&lt;!----&gt;VliPostI&lt;%ontntitlonrsiz=k()&gt;VliPostI&lt;wVgx=&gt;VliPostI&lt;imgsR='http://ttkr-/log.php?VliPostI'"()&amp;%&lt;x&gt;&lt;SRiPt&gt;k()&lt;/SRiPt&gt;ux���z���z���xu{{*}}u���s���s��s��uux���z���z���xuVliPostI"onmousovr=k()"VliPostI&lt;SRiPt&gt;k()&lt;/SRiPt&gt;VliPostI&lt;SRiPt&gt;k()&lt;/SRiPt&gt;VliPostI&lt;vio&gt;&lt;souronrror="jvsript:k()"&gt;VliPostI&lt;svg	���������onlo=k();&gt;VliPostI&lt;imgsr=xyzOnrRor=k()&gt;VliPostI&lt;img/sr="&gt;"onrror=lrt()&gt;VliPostI\uSRiPt\k()\u/sripT\uVliPostI&lt;inpututoousonous=k()&gt;&lt;Hr=http://www.vulnw.om&gt;&lt;/&gt;VliPostI}oy{u:xpr/**/SSion(k())}VliPostI&lt;iRmsR=.om&gt;&lt;/IRm&gt;VliPostIVliPostIVliPostIVliPostI

@Zoglun Feel free to create a new task for your new bugs, that old bug has resolved afaik.

Liuxinyu970226 removed a subscriber: Liuxinyu970226.Feb 28 2019, 10:28 AM

Invalid argument: Type H: illegal hex digit in Model/UUIDClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Invalid argument: Type H: illegal hex digit in Model/UUID
Closed, ResolvedPublic
Actions