lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <833656C6-A3CB-4F1A-8CBF-D83555EF38C1@segment.technology>
Date: Mon, 23 Mar 2015 13:44:32 +0100
From: Filippo Cavallarin <filippo.cavallarin@...ment.technology>
To: bugtraq@...urityfocus.com
Subject: DokuWiki persistent Cross Site Scripting

Advisory ID: SGMA15-001
Title:	DokuWiki persistent Cross Site Scripting
Product: DokuWiki
Version: 2014-09-29c and probably prior
Vendor:	www.dokuwiki.org
Vulnerability type:	Persistent XSS
Risk level:	Medium
Credit:	Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-03-18
Vendor fix: 2015-03-19
Public disclosure: 2015-03-23


Details

DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page.

An attacker may use this vulnerability to execute javascript in the context of a logged admin user. 
Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.

To successfully exploit this vulenrability an attacked must:
	1. have an account on the target site
	2. trick and admin to visit a link or to edit user account


Proof of concept:

1. change your account real name to:
	my name" autofocus onfocus="alert('code executed')

2. login as admin and try to edit the user profile from User Manager


Solution

Apply the latest hotfix from vendor's site


References
https://www.dokuwiki.org/
https://github.com/splitbrain/dokuwiki/issues/1081





Filippo Cavallarin
https://segment.technology

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ