czwartek, 18 lipca 2019

XSS in DokuWiki

Last time we talked about DokuWiki when I was checking Bitnami resources. Today I decided to try it again but this time I used Burp Proxy to automate the process of finding bugs in webapps. Here we go...
We will start here:

I downloaded my VM from Bitnami but you can check the version available here as well.

If you're using commercial version of Burp Suite you can prepare a 'quick check' for your pentests/bughunting. To do that, run Burp and go to Scanner tab:

As you  can see we can prepare our own 'list to check' excluding ("not exploitable") cases like the fact that 'cookie is not secure' ;)

After a while you should be ready to verify your findings:

For example that's how I found XSS bug in DokuWiki 2018-04-22b "Greebo". Check this out:

Maybe you will find it useful. ;)

See you next time.


4 komentarze:

  1. That's not really an XSS. You set the title of the wiki through admin interface (which requires superuser permissions). The wiki title field explicitly allows HTML at the discretion of the admin. So that's intended behavior. Next time you think you found a vulnerability in an OpenSource software, be nice and report it through their requested security channels.

  2. @splitbrain: hi, thanks for watching :) 1st: according to CWE79, I think it is XSS bug; 2nd: I asked directly 'the Owner' of the 'Open Source software'. Guess what... ;) 3rd: thanks for watching, or I said that already...
    *bonus: sure, ping->vendor->response->researcher(s) should 'be the way'.


  3. I *am* the "owner" of the software

  4. That's gonna be interesting :) I see you changed the policy of your account at linkedin. Maybe check your priv msgs again and stop blaming me. Thanks. Bye.