[dokuwiki] Possible Security Problem

• From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Sun, 30 Oct 2005 21:58:44 +0100

Hello!

Harry Fuecks discovered a possible security problem with the
html_hilight() function, wich is used to highlight search terms in a
page. These terms are used in a preg_replace call using the /e modifier
which could lead to a PHP code injection problem.

We were not able to successfully exploit the the flaw but belive it
could be possible. Due to the seriousness of this bug I urge everyone
using DokuWiki to fix this by either applying the modifications
described at http://bugs.splitbrain.org/?do=details&id=616 or by getting
an updated package of the 2005-09-22 release from
http://www.splitbrain.org/go/dokuwiki

Andi

PS: If you are able to exploit it I'd like to get a __private__ mail
with an example from you. Again: please do not send an working exploit
to the list.

• Follow-Ups:
  • [dokuwiki] Re: Possible Security Problem
    • From: Martin Baum

Other related posts:

• » [dokuwiki] Possible Security Problem
• » [dokuwiki] Re: Possible Security Problem
• » [dokuwiki] Re: Possible Security Problem

1. Home
2. dokuwiki
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---