Last time we talked about DokuWiki when I was checking Bitnami resources. Today I decided to try it again but this time I used Burp Proxy to automate the process of finding bugs in webapps. Here we go...
We will start here:
I downloaded my VM from Bitnami but you can check the version available here as well.
If you're using the commercial version of Burp Suite, you can prepare a 'quick check' for your pentests/bughunting. To do that, run Burp and go to the Scanner tab:
As you can see, we can prepare our own 'list to check', excluding "not exploitable" cases such as the 'cookie is not secure' finding ;)
After a while you should be ready to verify your findings:
For example, that's how I found an XSS bug in DokuWiki 2018-04-22b "Greebo". Check this out:
Maybe you will find it useful. ;)
See you next time.