| File | Protection | Problem / Possible Remediation |
|---|---|---|
| /profileinfo.php | Outputs profiling data if enabled; disabled by default. | Should require authentication because profiling data is generally only used by developers or administrators. Users are unlikely to need such information and it may assist in an intrusion. |
| /redirect.php | Does not accept parameters. | This seems to be intended to be included by other MediaWiki code. If that is the case, it should be protected with the MEDIAWIKI variable. |
| /opensearch_desc.php | NO-SENSITIVE-DATA | Not authenticated; always outputs the same data. Worth a look. |
| /tests/jasmine/spec_makers/makeJqueryMsgSpec.php | NO-SENSITIVE-DATA | Not dangerous and part of third-party JavaScript testing code. Unlikely to be used in production, so .htaccess protection would be advisable. |
| /tests/qunit/data/styleTest.css.php | NO-SENSITIVE-DATA | Generates CSS in a very limited way based on user input; probably safe, but not ideal. Unlikely to be used in production, so .htaccess protection would be advisable. |
| /resources/Resources.php | CRASHES | Not likely exploitable, but no code should produce errors. Use of MEDIAWIKI variable protection will avoid the errors. |
| /thumb_handler.php | CRASHES | Not likely exploitable, but no code should produce errors. Use of MEDIAWIKI variable protection will avoid the errors. |
| /extensions/Vector/Vector.php | CRASHES | Not likely exploitable, but no code should produce errors. Use of MEDIAWIKI variable protection will avoid the errors. |

| File | Protection | Problem / Possible Remediation |
|---|---|---|
| /extensions/Gadgets/Gadgets_tests.php | CLASS Definition | |
| /extensions/Gadgets/SpecialGadgets.php | CLASS Definition | |
| /extensions/Gadgets/ApiQueryGadgetCategories.php | CLASS Definition | |
| /extensions/Gadgets/Gadgets.php | CLASS Definition | |
| /extensions/Gadgets/Gadgets_body.php | CLASS Definition | |
| /extensions/Vector/Vector.hooks.php | CLASS Definition | |
| /extensions/WikiEditor/WikiEditor.hooks.php | CLASS Definition | |
| /extensions/ParserFunctions/ParserFunctions_body.php | CLASS Definition | |
| /extensions/Renameuser/RenameUserJob.php | CLASS Definition | |
| /extensions/ConfirmEdit/Captcha.php | CLASS Definition | |
| /extensions/ConfirmEdit/CaptchaStore.php | CLASS Definition | |
| /extensions/ConfirmEdit/QuestyCaptcha.class.php | CLASS Definition | |
| /extensions/ConfirmEdit/ReCaptcha.class.php | CLASS Definition | |
| /extensions/ConfirmEdit/MathCaptcha.class.php | CLASS Definition | |
| /extensions/ConfirmEdit/Asirra.class.php | CLASS Definition | |
| /extensions/ConfirmEdit/FancyCaptcha.class.php | CLASS Definition | |
| /extensions/ConfirmEdit/HTMLCaptchaField.php | CLASS Definition | |
| /extensions/ConfirmEdit/ConfirmEditHooks.php | CLASS Definition | |
| /extensions/Nuke/Nuke_body.php | CLASS Definition | |
| /extensions/ConfirmEdit/recaptchalib.php | FUNCTION Definitions | |

| File | Protection | Problem / Possible Remediation |
|---|---|---|
| /tests/qunit/QUnitTestResources.php | VARIABLE Definitions | |
| /extensions/Gadgets/Gadgets.alias.php | VARIABLE Definitions | |
| /extensions/Gadgets/ApiQueryGadgets.php | VARIABLE Definitions | |
| /extensions/Gadgets/Gadgets.i18n.php | VARIABLE Definitions | |
| /extensions/Vector/Vector.i18n.php | VARIABLE Definitions | |
| /extensions/WikiEditor/WikiEditor.php | VARIABLE Definitions | |
| /extensions/WikiEditor/WikiEditor.i18n.php | VARIABLE Definitions | |
| /extensions/ParserFunctions/ParserFunctions.i18n.magic.php | VARIABLE Definitions | |
| /extensions/ParserFunctions/ParserFunctions.i18n.php | VARIABLE Definitions | |
| /extensions/Renameuser/Renameuser.i18n.php | VARIABLE Definitions | |
| /extensions/Renameuser/Renameuser.alias.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/QuestyCaptcha.i18n.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/FancyCaptcha.i18n.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/Asirra.i18n.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/ConfirmEdit.alias.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/ConfirmEdit.i18n.php | VARIABLE Definitions | |
| /extensions/ConfirmEdit/ReCaptcha.i18n.php | VARIABLE Definitions | |
| /extensions/Nuke/Nuke.i18n.php | VARIABLE Definitions | |
| /extensions/Nuke/Nuke.alias.php | VARIABLE Definitions | |

| File | Protection | Problem / Possible Remediation |
|---|---|---|
| /skins/Vector.php | MEDIAWIKI Variable | |
| /skins/Simple.php | MEDIAWIKI Variable | |
| /skins/Nostalgia.php | MEDIAWIKI Variable | |
| /skins/MonoBook.php | MEDIAWIKI Variable | |
| /skins/Modern.php | MEDIAWIKI Variable | |
| /skins/Chick.php | MEDIAWIKI Variable | |
| /skins/CologneBlue.php | MEDIAWIKI Variable | |
| /skins/Standard.php | MEDIAWIKI Variable | |
| /skins/MySkin.php | MEDIAWIKI Variable | |
| /extensions/ParserFunctions/Expr.php | MEDIAWIKI Variable | |
| /extensions/ParserFunctions/ParserFunctions.php | MEDIAWIKI Variable | |
| /extensions/Renameuser/Renameuser.php | MEDIAWIKI Variable | |
| /extensions/Renameuser/Renameuser_body.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/ConfirmEdit.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/Asirra.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/MathCaptcha.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/FancyCaptcha.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/QuestyCaptcha.php | MEDIAWIKI Variable | |
| /extensions/ConfirmEdit/ReCaptcha.php | MEDIAWIKI Variable | |
| /extensions/Nuke/Nuke.php | MEDIAWIKI Variable | |
| /LocalSettings.php | MEDIAWIKI Variable | Includes sensitive info; better to include from outside the web root. |
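
The tables sort directly requestable PHP files by what keeps them inert: a `defined( 'MEDIAWIKI' )` check (the "MEDIAWIKI Variable" rows), or a body that only defines classes, functions or variables. The following is an added example, not code from this page or from MediaWiki, of a regex heuristic that assigns those labels to a source file and requires the guard to come before any other statement. The `REVIEW` label, the helper names and the sample files are assumptions constructed for illustration.

```python
import re

# A string literal (group 1) or a comment. Strings are tried first so that
# "//" inside a URL string is not treated as a comment. Heredocs are not handled.
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
GUARD = re.compile(r"""defined\s*\(\s*['"]MEDIAWIKI['"]\s*\)[^}]{0,200}?\b(?:die|exit)\b""")
PREAMBLE = re.compile(r"\s*<\?php\s*(?:if\s*\(\s*!\s*)?")  # nothing may run before the guard
CLASS = re.compile(r"\b(?:(?:abstract|final)\s+)?(?:class|interface)\s+\w+[^{;]*\{\}")
FUNC = re.compile(r"\bfunction\s+&?\s*\w+\s*\([^{;]*\{\}")
ASSIGN = re.compile(r"\$\w+(?:\s*\[[^\]]*\])*\s*=[^=]")
ACTIVE = re.compile(r"\b(?:include|require)(?:_once)?\b|\bnew\b|`")

def collapse_blocks(code):  # keep brace-depth-0 text; each top-level {...} becomes {}
    out, depth = [], 0
    for ch in code:
        depth += ch == "{"
        if depth == 0 or (depth == 1 and ch in "{}"):
            out.append(ch)
        depth -= ch == "}"
    return "".join(out)

def is_plain_assignment(stmt):  # "$x = literal-or-array(...)": no calls, includes or new
    calls = re.findall(r"([\w$]+)\s*\(", stmt)
    return bool(ASSIGN.match(stmt)) and not ACTIVE.search(stmt) and {c.lower() for c in calls} <= {"array"}

def classify(src):
    """Label one PHP source file with the protection categories used in the tables."""
    code = TOKEN.sub(lambda m: m.group(1) or " ", src)   # drop comments, keep strings
    guard = GUARD.search(code)
    if guard and PREAMBLE.fullmatch(code[:guard.start()]):
        return "MEDIAWIKI Variable"
    flat = collapse_blocks(TOKEN.sub("''", code))        # blank strings, drop bodies
    flat, n_cls = CLASS.subn("", flat)
    flat, n_fn = FUNC.subn("", flat)
    stmts = [s.strip() for s in re.sub(r"<\?php|\?>", "", flat).split(";") if s.strip()]
    if not stmts:
        return "CLASS Definition" if n_cls else "FUNCTION Definitions" if n_fn else "REVIEW"
    if not (n_cls or n_fn) and all(map(is_plain_assignment, stmts)):
        return "VARIABLE Definitions"
    return "REVIEW"  # code runs on a direct request: add a guard or inspect by hand

# Constructed sample files (not taken from MediaWiki).
SAMPLES = {
    "guarded.php": "<?php\n# setup\nif ( !defined( 'MEDIAWIKI' ) ) {\n\tdie( 'Not an entry point.' );\n}\n$wgDemo = true;\n",
    "Demo.hooks.php": "<?php\n/** handlers */\nclass DemoHooks {\n\tstatic function onSetup( $out ) { return \"{$out}\"; }\n}\n",
    "Demo.i18n.php": "<?php\n$messages = array();\n$messages['en'] = array( 'demo' => 'See http://example.org/ // text' );\n",
    "setup.php": "<?php\nrequire_once( dirname( __FILE__ ) . '/Demo.body.php' );\nDemoSetup::init();\n",
    "late_guard.php": "<?php\nsession_start();\nif ( !defined( 'MEDIAWIKI' ) ) { die( 1 ); }\n",
}
RESULTS = {name: classify(src) for name, src in SAMPLES.items()}
```

A `REVIEW` result corresponds to the rows that needed a remediation note; the static label is only a first pass, and requesting the file on a test install remains the way to confirm what it outputs.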