DokuWiki suffers from an XSS vulnerability in the "Picture List" of the "mediamanager". It is possible to upload a picture with a specially crafted EXIF tag containing script code. This code will be executed every time a user views the "mediamanager".
XSS Vulnerability in DokuWiki
=================================================
Discovered on 05.03.2006 by yorn.
Description:
------------
http://wiki.splitbrain.org/wiki:dokuwiki
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at
creating documentation of any kind. It is targeted at developer teams,
workgroups and small companies. It has a simple but powerful syntax which
makes sure the datafiles remain readable outside the Wiki and eases the
creation of structured texts.
All data is stored in plain text files - no database is required.
Problems:
--------
XSS:
There is an XSS vulnerability in the "Picture List" of the "mediamanager".
It is possible to upload a picture with a specially crafted EXIF tag,
containing script code. This code will be executed every time a user views
the "mediamanager".
POC:
Insert '><script>alert(document.cookie)</script> into the following fields,
either by using an exif editor or using the Edit Picture function of the wiki
and save it. View the mediamanager again, enjoy your cookie.
Vulnerable fields:
Title (Titel)
Caption (Bildunterschrift)
Keywords (Schlagwörter)
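Added example (not DokuWiki's code and not the actual patch): the unencoded rendering pattern behind this class of bug next to an output-encoded version, written in PHP because DokuWiki is a PHP application. The function names, the markup and the metadata array are hypothetical.

```php
<?php
// Hypothetical helpers for illustration; not taken from DokuWiki.

// Constructed sample: metadata as an EXIF/IPTC reader might return it
// for the three fields listed in the advisory.
$meta = [
    'title'    => "'><script>alert(document.cookie)</script>", // PoC string from the advisory
    'caption'  => 'Harbour at dusk',
    'keywords' => 'harbour, "dusk" & boats',
];

// Vulnerable pattern: text taken from the uploaded file is concatenated
// into an attribute and into element content without encoding.
function render_item_unsafe(array $meta): string
{
    return "<li title='" . $meta['title'] . "'>"
         . $meta['caption'] . ' [' . $meta['keywords'] . ']</li>';
}

// Hardened pattern: encode every metadata value at output time.
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so a leading '> cannot close a
    // single-quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_item_safe(array $meta): string
{
    return "<li title='" . h($meta['title']) . "'>"
         . h($meta['caption']) . ' [' . h($meta['keywords']) . ']</li>';
}

$unsafe = render_item_unsafe($meta);
$safe   = render_item_safe($meta);

// Check whether a script element survives into each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
echo $safe, PHP_EOL;
```

Encoding at output rather than at upload also covers images that were already stored before the fix and values changed later through the Edit Picture function.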
Vendor Status:
--------------
Vendor has been informed on the date of discovery. Patched in the
DokuWiki 2006-03-05 release!