oss-sec mailing list archives
CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sun, 22 Apr 2012 19:24:00 +0200
Hello Kurt, Steve, vendors,

a cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws were found in the way DokuWiki, a standards compliant, simple to use Wiki, performed sanitization of the 'target' parameter when preprocessing edit form data. A remote attacker could provide a specially-crafted URL, which once visited by a valid DokuWiki user would lead to arbitrary HTML or web script execution in the context of logged in DokuWiki user.

References:
[1] https://secunia.com/advisories/48848/
[2] http://ircrash.com/uploads/dokuwiki.txt
[3] https://bugs.gentoo.org/show_bug.cgi?id=412891
[4] http://bugs.dokuwiki.org/index.php?do=details&task_id=2487 (upstream bug report for the XSS issue)
[5] http://bugs.dokuwiki.org/index.php?do=details&task_id=2488 (upstream bug report for the CSRF issue)
[6] https://bugzilla.redhat.com/show_bug.cgi?id=815122 (Red Hat bugzilla entry)

Discovered by : Khashayar Fereidani

Proof of Concept URL:
http://sitename/doku.php?do=edit&id=S9F8W2A&target=<script>alert(123)</script>

Could you allocate a 2012 CVE id for this issue? (one is enough because only 'target' parameter isn't properly escaped, leading to XSS or CSRF {see [2] for further examples})

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team