
Trustix Secure Linux Security Advisory 2006.6

Posted Mar 8, 2006
Authored by yorn

DokuWiki suffers from an XSS vulnerability in the "Picture List" of the "mediamanager". It is possible to upload a picture with a specially crafted EXIF tag containing script code. This code will be executed every time a user views the "mediamanager".

tags | advisory
SHA-256 | 2b9c0351b951d6aa7308ec0aa1bca328612013d641e3a855f6a64c9d2136be51

XSS Vulnerability in DokuWiki
=================================================

Discovered on 05.03.2006 by yorn.

Description:
------------
http://wiki.splitbrain.org/wiki:dokuwiki

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at
creating documentation of any kind. It is targeted at developer teams,
workgroups and small companies. It has a simple but powerful syntax which
makes sure the datafiles remain readable outside the Wiki and eases the
creation of structured texts.
All data is stored in plain text files; no database is required.

Problems:
--------

XSS:
There is an XSS vulnerability in the "Picture List" of the "mediamanager".
It is possible to upload a picture with a specially crafted EXIF tag
containing script code. This code will be executed every time a user views
the "mediamanager".

POC:
Insert '><script>alert(document.cookie)</script> into the following fields,
either by using an exif editor or using the Edit Picture function of the wiki
and save it. View the mediamanager again, enjoy your cookie.

Vulnerable fields:
Title (Titel)
Caption (Bildunterschrift)
Keywords (Schlagwörter)
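
The class of fix for this bug is escaping image metadata when it is written into the page. The PHP below is an added example, not DokuWiki's code and not the patch shipped in the 2006-03-05 release: it renders one picture-list row from the three fields listed above, first unescaped and then escaped. The function names, the array keys, and the assumption that the title lands inside a single-quoted attribute are hypothetical.

```php
<?php
// Added example: hypothetical picture-list renderer, not DokuWiki's code.

// Constructed sample: metadata as an EXIF/IPTC reader would return it for an
// uploaded image whose fields hold the PoC string from the advisory.
$poc  = "'><script>alert(document.cookie)</script>";
$meta = ['title' => $poc, 'caption' => $poc, 'keywords' => $poc];

// Vulnerable pattern: metadata is concatenated straight into the markup, so
// the value can close the attribute and the tag it was placed in.
function render_row_unsafe(string $file, array $meta): string
{
    return "<li><img src='" . $file . "' alt='" . $meta['title'] . "'>"
         . "<p>" . $meta['caption'] . "</p>"
         . "<small>" . $meta['keywords'] . "</small></li>";
}

// Escape at output time for the HTML context. ENT_QUOTES matters here:
// ENT_COMPAT leaves single quotes unescaped, so a single-quoted attribute
// could still be closed by the value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every metadata field and the file name go through h().
function render_row_safe(string $file, array $meta): string
{
    return "<li><img src='" . h($file) . "' alt='" . h($meta['title']) . "'>"
         . "<p>" . h($meta['caption']) . "</p>"
         . "<small>" . h($meta['keywords']) . "</small></li>";
}

$unsafe = render_row_unsafe('photo.jpg', $meta);
$safe   = render_row_safe('photo.jpg', $meta);

// Checks: a script element survives only in the unescaped row, and the only
// literal single quotes left in the escaped row are the template's own four.
echo "script tag in unsafe row: ", var_export(strpos($unsafe, '<script>') !== false, true), "\n";
echo "script tag in safe row:   ", var_export(strpos($safe, '<script>') !== false, true), "\n";
echo "only template quotes:     ", var_export(substr_count($safe, "'") === 4, true), "\n";
echo $safe, "\n";
```

The same escaping applies wherever metadata reaches the page, including values written through an edit form rather than by an external EXIF editor.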

Vendor Status:
--------------
Vendor has been informed on the date of discovery. Patched in the
DokuWiki 2006-03-05 release!