I'm not really experienced in all this php stuff (first time I fiddled with it was when I set up our dokuwiki).
Hence, I sometimes have a hard time grasping what is said on this list (but I read it all with great interest).
So, just to make sure, I removed the dokuwiki/bin directory for now. Does that mean I'm safe?
Oliver Schulze L. writes:
> I just created an alert in google using this search term: > dokuwiki group:mailing.unix.bugtraq > It may help us in the future ;)
good idea but wouldn't have helped us in this case. Because the guy just posted the exploit today instead of informing us about it.
> Also, I hope Andi or Chris could comment on this exploit later, > is it dangerous? in which environments it can be exploited?
It is very dangerous. The two expoits you've linked didn't use the whole potential of the problem yet. From what I can see it should be possible to use this to place any kind of code on the webserver. :-(
Exploitable are all installs where the bin directory is unprotected and the register_argc_argv PHP option is enabled - which is probably nearly everywhere because it's on by default.
So yes this is one of those worst case exploits :-( Again :-(
Andi -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist