[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DokuWiki persistent Cross Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: DokuWiki persistent Cross Site Scripting
From: Filippo Cavallarin <filippo.cavallarin@segment.technology>
Date: Mon, 23 Mar 2015 13:44:32 +0100

Advisory ID: SGMA15-001
Title:  DokuWiki persistent Cross Site Scripting
Product: DokuWiki
Version: 2014-09-29c and probably prior
Vendor: www.dokuwiki.org
Vulnerability type:     Persistent XSS
Risk level:     Medium
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-03-18
Vendor fix: 2015-03-19
Public disclosure: 2015-03-23


Details

DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent 
Cross Site Scriptng in the admin page.

An attacker may use this vulnerability to execute javascript in the context of 
a logged admin user. 
Since the vulnerable page has forms with the CSRF token (the same for all 
requests), a full backend compromise may be possible.

To successfully exploit this vulenrability an attacked must:
        1. have an account on the target site
        2. trick and admin to visit a link or to edit user account


Proof of concept:

1. change your account real name to:
        my name" autofocus onfocus="alert('code executed')

2. login as admin and try to edit the user profile from User Manager


Solution

Apply the latest hotfix from vendor's site


References
https://www.dokuwiki.org/
https://github.com/splitbrain/dokuwiki/issues/1081





Filippo Cavallarin
https://segment.technology

Prev by Date: [SECURITY] [DSA 3203-1] tor security update
Next by Date: ESA-2015-044: EMC Documentum xMS Sensitive Information Disclosure Vulnerability
Previous by thread: [SECURITY] [DSA 3203-1] tor security update
Next by thread: ESA-2015-044: EMC Documentum xMS Sensitive Information Disclosure Vulnerability
Index(es):
- Date
- Thread