Aerosol Posted March 24, 2015 Report Share Posted March 24, 2015 Advisory ID: SGMA15-001Title: DokuWiki persistent Cross Site ScriptingProduct: DokuWikiVersion: 2014-09-29c and probably priorVendor: www.dokuwiki.orgVulnerability type: Persistent XSSRisk level: MediumCredit: Filippo Cavallarin - segment.technologyCVE: N/AVendor notification: 2015-03-18Vendor fix: 2015-03-19Public disclosure: 2015-03-23DetailsDokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page.An attacker may use this vulnerability to execute javascript in the context of a logged admin user. Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.To successfully exploit this vulenrability an attacked must: 1. have an account on the target site 2. trick and admin to visit a link or to edit user accountProof of concept:1. change your account real name to: my name" autofocus onfocus="alert('code executed')2. login as admin and try to edit the user profile from User ManagerSolutionApply the latest hotfix from vendor's siteReferenceshttps://www.dokuwiki.org/https://github.com/splitbrain/dokuwiki/issues/1081Filippo Cavallarinhttps://segment.technologySource Quote Link to comment Share on other sites More sharing options...
