Jump to content
Aerosol

DokuWiki 2014-09-29c Cross Site Scripting

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

Advisory ID: SGMA15-001
Title:  DokuWiki persistent Cross Site Scripting
Product: DokuWiki
Version: 2014-09-29c and probably prior
Vendor:  www.dokuwiki.org
Vulnerability type:  Persistent XSS
Risk level:  Medium
Credit:  Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-03-18
Vendor fix: 2015-03-19
Public disclosure: 2015-03-23


Details

DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page.

An attacker may use this vulnerability to execute javascript in the context of a logged admin user. 
Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.

To successfully exploit this vulenrability an attacked must:
  1. have an account on the target site
  2. trick and admin to visit a link or to edit user account


Proof of concept:

1. change your account real name to:
  my name" autofocus onfocus="alert('code executed')

2. login as admin and try to edit the user profile from User Manager


Solution

Apply the latest hotfix from vendor's site


References
https://www.dokuwiki.org/
https://github.com/splitbrain/dokuwiki/issues/1081





Filippo Cavallarin
https://segment.technology

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...