DokuWiki 2012-01-25 doku.php html_edit_form target cross site scripting
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in DokuWiki 2012-01-25. This vulnerability affects the function html_edit_form of the file doku.php. Such manipulation of the argument target leads to cross site scripting.
This vulnerability is traded as CVE-2012-2129. The attack may be launched remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.
Details
A vulnerability, which was classified as problematic, has been found in DokuWiki 2012-01-25 (Content Management System). Affected by this issue is the function html_edit_form of the file doku.php. The manipulation of the argument target with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
The weakness was shared 04/19/2012 by Khashayar Fereidani with IRCRASH Security Community as DokuWiki Ver.2012/01/25 CSRF Add User Exploit as confirmed mailinglist post (Bugtraq). The advisory is available at seclists.org. The vendor was not involved in the coordination of the public release. This vulnerability is handled as CVE-2012-2129 since 04/04/2012. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details as well as a public exploit are known. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project.
A public exploit has been developed by Khashayar Fereidani (fereidani) in Python and been published immediately after the advisory. The exploit is available at seclists.org. It is declared as proof-of-concept. By approaching the search of inurl:doku.php it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 864449 , which helps to determine the existence of the flaw in a target environment. It is running in the context l.
Upgrading to version 2012-01-25a eliminates this vulnerability. The upgrade is hosted for download at github.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 1380.
The vulnerability is also documented in the databases at X-Force (74907), Tenable (864449), SecurityFocus (BID 53041†), OSVDB (81355†) and Secunia (SA48848†). bugzilla.redhat.com is providing further details. The entry VDB-5297 is related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Khashayar Fereidani (fereidani)
Programming Language: 🔍
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 864449
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Context: 🔍
OpenVAS ID: 71270
OpenVAS Name: FreeBSD Ports: dokuwiki
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: DokuWiki 2012-01-25a
Snort ID: 1380
Timeline
04/04/2012 🔍04/17/2012 🔍
04/17/2012 🔍
04/17/2012 🔍
04/19/2012 🔍
04/19/2012 🔍
04/19/2012 🔍
04/25/2012 🔍
04/25/2012 🔍
06/15/2012 🔍
08/27/2012 🔍
09/05/2012 🔍
04/16/2017 🔍
Sources
Advisory: DokuWiki Ver.2012/01/25 CSRF Add User ExploitResearcher: Khashayar Fereidani
Organization: IRCRASH Security Community
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2012-2129 (🔍)
GCVE (CVE): GCVE-0-2012-2129
GCVE (VulDB): GCVE-100-5294
X-Force: 74907 - DokuWiki doku.php cross-site scripting, Medium Risk
SecurityFocus: 53041 - DokuWiki 'target' Parameter Cross Site Scripting Vulnerability
Secunia: 48848 - DokuWiki "target" Cross-Site Scripting Vulnerability, Less Critical
OSVDB: 81355
Vulnerability Center: 36076 - DokuWiki 2012-01-25 XSS Vulnerability via the Target Parameter in an Edit Action, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 04/25/2012 12:45Updated: 04/16/2017 11:39
Changes: 04/25/2012 12:45 (94), 04/16/2017 11:39 (9)
Complete: 🔍
Cache ID: 216:260:103
No comments yet. Languages: en.
Please log in to comment.