Go to the FreeLists Home Page Home Signup Help Login 		 



[dokuwiki] || [Date Prev] [03-2008 Date Index] [Date Next] || [Thread Prev] [03-2008 Thread Index] [Thread Next]

[dokuwiki] Re: Handling security issues in DokuWiki plugins

  • From: Uwe Koloska <dokuwiki@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 12 Mar 2008 22:29:26 +0100
Hello,

Am Dienstag, 11. März 2008 schrieb Andreas Gohr:
> Here is an example of a plugin page with a marked security problem:
> http://wiki.splitbrain.org/plugin:dailymotion

I am just a beginner with PHP and tried to find the XSS vulnerability here. Is 
it really XSS than can be used from outside without write access to the wiki 
page (by attaching some argument to the address)?
Or is it something "only" a user of the wiki can utilise?  If it is the 
latter, I think all (or most of the) plugins that embed some media files / 
player from other sites (like youtube, slideshare, etc.) are vulnerable, too.

Yours
Uwe Koloska
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.