Thursday, 18 July 2019

XSS in DokuWiki

Last time we looked at DokuWiki while I was checking Bitnami resources. Today I decided to try it again, but this time I used Burp Proxy to automate the process of finding bugs in web apps. Here we go...
We will start here:


I downloaded my VM from Bitnami, but you can check the version available here as well.

If you're using the commercial version of Burp Suite, you can prepare a 'quick check' for your pentests/bug hunting. To do that, run Burp and go to the Scanner tab:



As you can see, we can prepare our own 'list to check', excluding ("not exploitable") cases like the fact that 'cookie is not secure' ;)

After a while you should be ready to verify your findings:


For example, that's how I found an XSS bug in DokuWiki 2018-04-22b "Greebo". Check this out:


Maybe you will find it useful. ;)

See you next time.

Cheers


4 comments:

  1. That's not really an XSS. You set the title of the wiki through the admin interface (which requires superuser permissions). The wiki title field explicitly allows HTML at the discretion of the admin. So that's intended behavior. Next time you think you found a vulnerability in OpenSource software, be nice and report it through their requested security channels.

  2. @splitbrain: hi, thanks for watching :) 1st: according to CWE-79, I think it is an XSS bug; 2nd: I asked directly 'the Owner' of the 'Open Source software'. Guess what... ;) 3rd: thanks for watching, or I said that already...
    *bonus: sure, ping->vendor->response->researcher(s) should 'be the way'.

    cheers

  3. I *am* the "owner" of the software

  4. That's gonna be interesting :) I see you changed the policy of your account at LinkedIn. Maybe check your priv msgs again and stop blaming me. Thanks. Bye.
