
Trustix Secure Linux Security Advisory 2006.6

Posted Mar 8, 2006
Authored by yorn

DokuWiki suffers from an XSS vulnerability in the "Picture List" of the "mediamanager". It is possible to upload a picture with a specially crafted EXIF tag containing script code. This code will be executed every time a user views the "mediamanager".

tags | advisory
SHA-256 | 2b9c0351b951d6aa7308ec0aa1bca328612013d641e3a855f6a64c9d2136be51

XSS Vulnerability in DokuWiki
=================================================

Discovered on 05.03.2006 by yorn.

Description:
------------
http://wiki.splitbrain.org/wiki:dokuwiki

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at
creating documentation of any kind. It is targeted at developer teams,
workgroups and small companies. It has a simple but powerful syntax which
makes sure the datafiles remain readable outside the Wiki and eases the
creation of structured texts.
All data is stored in plain text files - no database is required.

Problems:
--------

XSS:
There is an XSS vulnerability in the "Picture List" of the "mediamanager".
It is possible to upload a picture with a specially crafted EXIF tag
containing script code. This code will be executed every time a user views
the "mediamanager".

POC:
Insert '><script>alert(document.cookie)</script> into the following fields,
either by using an EXIF editor or by using the Edit Picture function of the
wiki, and save it. View the mediamanager again, enjoy your cookie.

Vulnerable fields:
Title (Titel)
Caption (Bildunterschrift)
Keywords (Schlagwörter)

Vendor Status:
--------------
Vendor has been informed on the date of discovery. Patched in the
DokuWiki 2006-03-05 release!
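
The following is an added example, not part of the advisory and not DokuWiki's own code: a hypothetical PHP picture-list renderer that shows how the three metadata fields reach the page unescaped, and how output encoding neutralises the PoC string. The `$meta` array, the file name and all function names are constructed for illustration.

```php
<?php
// Added illustration; hypothetical renderer, not DokuWiki's actual code.
// Constructed sample: values as an EXIF/IPTC reader might return them.
// 'Title' carries the PoC string from the advisory.
$meta = [
    'Title'    => "'><script>alert(document.cookie)</script>",
    'Caption'  => 'Team photo, March 2006',
    'Keywords' => 'office, team',
];

// Vulnerable pattern: file metadata is concatenated into markup as trusted text.
function render_unsafe(array $meta): string {
    return "<img src='photo.jpg' title='{$meta['Title']}'>"
         . "<p>{$meta['Caption']}</p><p>{$meta['Keywords']}</p>";
}

// ENT_COMPAT (the default before PHP 8.1) encodes < > & " but not '.
function esc_compat(string $s): string {
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// ENT_QUOTES also encodes ', which matters inside a single-quoted attribute.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every metadata field is encoded at output time.
function render_safe(array $meta): string {
    $m = array_map('esc', $meta);
    return "<img src='photo.jpg' title='{$m['Title']}'>"
         . "<p>{$m['Caption']}</p><p>{$m['Keywords']}</p>";
}

$unsafe = render_unsafe($meta);
$safe   = render_safe($meta);

printf("unsafe output contains <script>: %s\n",
    var_export(strpos($unsafe, '<script>') !== false, true));
printf("safe output contains <script>:   %s\n",
    var_export(strpos($safe, '<script>') !== false, true));
printf("ENT_COMPAT leaves the quote:     %s\n",
    var_export(strpos(esc_compat($meta['Title']), "'") === 0, true));
echo $safe, PHP_EOL;
```

Encoding at render time covers both entry paths the advisory names, the EXIF editor and the wiki's Edit Picture function, because the value is treated as untrusted no matter how it got into the file.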