[dokuwiki] Re: Strange attack on the wiki

  • From: "Stefan Hållén" <stefan.hallen@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 8 Sep 2006 10:09:51 +0200

I'm not really experienced in all this php stuff (first time I fiddled with
it was when I set up our dokuwiki).

Hence, I sometimes have a hard time grasping what is said on this list (but
I read it all with great interest).

So, just to make sure, I removed the dokuwiki/bin directory for now. Does
that mean I'm safe?

On 9/8/06, Andreas Gohr <andi@xxxxxxxxxxxxxx> wrote:

Oliver Schulze L. writes:

> I just created an alert in google using this search term:
> dokuwiki group:mailing.unix.bugtraq
> It may help us in the future ;)

good idea but wouldn't have helped us in this case. Because the guy just
posted the exploit today instead of informing us about it.

> Also, I hope Andi or Chris could comment on this exploit later,
> is it dangerous? in which environments it can be exploited?

It is very dangerous. The two exploits you've linked didn't use the whole
potential of the problem yet. From what I can see it should be possible to
use this to place any kind of code on the webserver. :-(

Exploitable are all installs where the bin directory is unprotected and the
register_argc_argv PHP option is enabled - which is probably nearly
everywhere because it's on by default.

So yes this is one of those worst case exploits :-( Again :-(

Andi
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
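
An audit for the two conditions named in the thread (unprotected bin directory, register_argc_argv enabled), added here as an example and not taken from the posts or from DokuWiki. The function names, the Apache `.htaccess` deny rule, and the paths passed in are assumptions.

```shell
#!/bin/sh
# Added example: check one install for the two conditions named in the thread.
# All function names here are hypothetical.

# argc_argv_enabled <php.ini>: succeeds if register_argc_argv is effectively on.
argc_argv_enabled() {
    ini=$1
    # Last uncommented assignment wins. A missing or empty directive is treated
    # as on, following the thread's statement that it is on by default.
    val=$(sed -n 's/^[[:space:]]*register_argc_argv[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' \
            "$ini" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z' | tr -d '"')
    case "$val" in
        off|0|false|no|none) return 1 ;;
        *) return 0 ;;
    esac
}

# bin_exposed <dokuwiki_root>: succeeds if bin/ exists and no deny rule is found.
bin_exposed() {
    bin=$1/bin
    [ -d "$bin" ] || return 1   # directory removed, as the poster did
    # Assumption: Apache honouring .htaccess; other servers need their own rule.
    grep -Eiq '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' \
        "$bin/.htaccess" 2>/dev/null && return 1
    return 0
}

# audit_dokuwiki <dokuwiki_root> <php.ini>: returns 1 only when both conditions hold.
audit_dokuwiki() {
    root=$1; ini=$2; open=0
    if argc_argv_enabled "$ini"; then
        echo "register_argc_argv: enabled"; open=$((open + 1))
    else
        echo "register_argc_argv: disabled"
    fi
    if bin_exposed "$root"; then
        echo "bin/: present, no deny rule found"; open=$((open + 1))
    else
        echo "bin/: removed or denied"
    fi
    [ "$open" -lt 2 ]
}
```

The `.htaccess` check only confirms that a deny rule is written down; whether the server honours it depends on its override settings, so a request for a file under bin/ from outside remains the definitive test.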
