[dokuwiki] Re: SECURITY WARNING
- From: Chris Smith <chris@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Fri, 08 Sep 2006 13:36:53 +0100
Andreas Gohr wrote:
> Okay, thanks for your help in analysing this. If I understand you
> right, the X-FORWARDED-FOR could be used to insert php code into the
> lock.file which isn't exploitable by itself. Only when moving this
> file to a filename with .php extension by using dwpage.php would make
> it exploitable, right?
> But an attacker could insert php in a wiki page as well and then move
> this file through the dwpage.php file.

Yes and yes.

> So to sum it up, the vulnerability is in dwpage.php but cleaning the ip
> is a good idea anyway (it's already done in the current devel I think).

It was Sep 3, darcs version I was using, so no, it's not done properly in
the current version.

Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
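
The "cleaning the ip" step discussed in this thread, sketched as an added example that is not part of the original mail and not DokuWiki's own code. It assumes the value written to the lock file is the client address string built from `REMOTE_ADDR` and `X-Forwarded-For`; `clean_client_ip()` is a hypothetical helper name and the requests are constructed samples.

```php
<?php
// Hypothetical helper (not DokuWiki's own function): keep only syntactically
// valid IP literals from X-Forwarded-For and REMOTE_ADDR, drop everything else,
// so no attacker-chosen text reaches a file written on the server.
function clean_client_ip(array $server): string
{
    $candidates = [];
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        // The header is client-controlled and may carry a comma-separated list.
        $candidates = explode(',', $server['HTTP_X_FORWARDED_FOR']);
    }
    // REMOTE_ADDR is taken from the TCP connection, so include it as well.
    $candidates[] = $server['REMOTE_ADDR'] ?? '';

    $valid = [];
    foreach ($candidates as $c) {
        $c = trim($c);
        // filter_var() returns false unless the whole string is an IPv4/IPv6 literal.
        if (filter_var($c, FILTER_VALIDATE_IP) !== false) {
            $valid[] = $c;
        }
    }
    // Fall back to a fixed placeholder instead of echoing raw input.
    return $valid ? implode(',', array_unique($valid)) : '0.0.0.0';
}

// Constructed sample requests (documentation address ranges).
$samples = [
    // Well-formed proxy chain: both addresses are kept.
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 192.0.2.10'],
    // Header carrying PHP markup instead of an address: dropped entirely.
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '<?php echo 1; ?>'],
    // Valid address with trailing junk after a newline: the whole entry is rejected.
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => "198.51.100.7\n<?php"],
];

foreach ($samples as $s) {
    echo clean_client_ip($s), "\n";
}
```

Validating the header this way only removes the lock file as a carrier; as the thread concludes, the file-move behaviour in dwpage.php is the vulnerability and has to be fixed separately.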