Message-ID: <4F94DEA2.80902@redhat.com>
Date: Sun, 22 Apr 2012 22:46:26 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- DokuWiki: XSS and CSRF due improper
 escaping of 'target' parameter in preprocessing edit form data


On 04/22/2012 11:24 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> cross-site scripting (XSS) and cross-site request forgery (CSRF)
> flaws were found in the way DokuWiki, a standards-compliant, simple
> to use Wiki, performed sanitization of the 'target' parameter when
> preprocessing edit form data. A remote attacker could provide a
> specially crafted URL which, once visited by a valid DokuWiki user,
> would lead to arbitrary HTML or web script execution in the context
> of the logged-in DokuWiki user.
> 
> References:
> [1] https://secunia.com/advisories/48848/
> [2] http://ircrash.com/uploads/dokuwiki.txt
> [3] https://bugs.gentoo.org/show_bug.cgi?id=412891
> [4] http://bugs.dokuwiki.org/index.php?do=details&task_id=2487
> (upstream bug report for the XSS issue)

Please use CVE-2012-2129 for this issue.

> [5] http://bugs.dokuwiki.org/index.php?do=details&task_id=2488 
> (upstream bug report for the CSRF issue)

Please use CVE-2012-2128 for this issue.

> [6] https://bugzilla.redhat.com/show_bug.cgi?id=815122 (Red Hat
> bugzilla entry)
> 
> Discovered by : Khashayar Fereidani
> 
> Proof of Concept URL: 
> http://sitename/doku.php?do=edit&id=S9F8W2A&target=<script>alert(123)</script>
>
> 
> 
> Could you allocate a 2012 CVE id for this issue? (one is enough
> because only the 'target' parameter isn't properly escaped, leading to
> XSS or CSRF {see [2] for further examples})

Under ADT2: Are X and Y different bug types? (e.g. buffer overflow,
SQL injection, NULL pointer dereference?) Yes: SPLIT them.

> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


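The escaping flaw described in the quoted report, as an added example that is not part of the original message and is not DokuWiki's code: a request parameter reflected into an edit-form hidden field, rendered without and with HTML escaping. The function names, the form field and the allowlist are assumptions made for illustration; the first sample input is the 'target' value from the proof-of-concept URL quoted above.

```php
<?php
// Hypothetical helpers for illustration; not taken from DokuWiki.

// "Before": the request value is concatenated into the markup as-is.
function hidden_field_unescaped(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// "After": every dynamic piece is escaped for an HTML attribute context.
// ENT_QUOTES also encodes quotes, so the value cannot close the attribute.
function hidden_field_escaped(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="hidden" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '" />';
}

// Second layer: accept only expected values (this allowlist is an assumption).
function normalize_target(string $raw, array $allowed = ['section']): string
{
    return in_array($raw, $allowed, true) ? $raw : '';
}

// The rendered field must remain exactly one tag with three quoted attributes.
function is_single_inert_tag(string $html): bool
{
    return substr_count($html, '<') === 1
        && substr_count($html, '>') === 1
        && substr_count($html, '"') === 6;
}

// Constructed inputs: the PoC 'target' value, a value with a quote, a benign value.
$samples = ['<script>alert(123)</script>', 'a"b', 'section'];

foreach ($samples as $target) {
    printf(
        "%-30s unescaped_ok=%s escaped_ok=%s normalized=%s\n",
        $target,
        var_export(is_single_inert_tag(hidden_field_unescaped('target', $target)), true),
        var_export(is_single_inert_tag(hidden_field_escaped('target', $target)), true),
        var_export(normalize_target($target), true)
    );
}
```

Only the benign value passes the check in the unescaped variant; all three pass once escaped, and the allowlist reduces the two unexpected values to an empty string.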