DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.
f3904c4b7095c2906f919c23af7958dffe8a653152cf6e88441674e356365afdAdvisory ID: SGMA15-001
Title: DokuWiki persistent Cross Site Scripting
Product: DokuWiki
Version: 2014-09-29c and probably prior
Vendor: www.dokuwiki.org
Vulnerability type: Persistent XSS
Risk level: Medium
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-03-18
Vendor fix: 2015-03-19
Public disclosure: 2015-03-23
Details
DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page.
An attacker may use this vulnerability to execute javascript in the context of a logged admin user.
Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.
To successfully exploit this vulenrability an attacked must:
1. have an account on the target site
2. trick and admin to visit a link or to edit user account
Proof of concept:
1. change your account real name to:
my name" autofocus onfocus="alert('code executed')
2. login as admin and try to edit the user profile from User Manager
Solution
Apply the latest hotfix from vendor's site
References
https://www.dokuwiki.org/
https://github.com/splitbrain/dokuwiki/issues/1081
Filippo Cavallarin
https://segment.technology
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed