[dokuwiki] Re: Handling security issues in DokuWiki plugins

  • From: Uwe Koloska <dokuwiki@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 12 Mar 2008 22:29:26 +0100

Hello,

On Tuesday, 11 March 2008, Andreas Gohr wrote:
> Here is an example of a plugin page with a marked security problem:
> http://wiki.splitbrain.org/plugin:dailymotion

I am just a beginner with PHP and tried to find the XSS vulnerability here. Is 
it really XSS that can be used from outside without write access to the wiki 
page (by attaching some argument to the address)?
Or is it something "only" a user of the wiki can utilise?  If it is the 
latter, I think all (or most of the) plugins that embed some media files / 
player from other sites (like youtube, slideshare, etc.) are vulnerable, too.

Yours
Uwe Koloska
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
