Menu

#649 Security vulnerabilities described on exploit-db

Database
open
nobody
None
1
2019-12-17
2019-12-13
Hanno Böck
No

Hi, I wanted to ask for clarification of these security vulnerabilities:
https://www.exploit-db.com/exploits/38027
The page claims these affect 1.5.4. 1.5.5 is current but in the release notes I see nothing mentioned about security fixes. Does that mean they are unfixed? Is phpwiki still maintained or should users move to alternatives?

Related

Bugs: #649

Discussion

  • Marc-Etienne Vargenau

    Marc-Etienne Vargenau - 2019-12-17

    Hi Hanno,

    Thank you for your interest in Phpwiki.

    Yes, I am still maintaining Phpwiki.
    The vulnerabilities have been fixed in the Subversion trunk. You will find below the current behaviour.

    I know it has been a long time that I have not published a Phpwiki release, I still have a few things that do not work with recent PHP 7 (e.g. updating preferences).

    You can use the trunk.

    Do you have a Phpwiki visible on the internet? Or is it internal use?

    Best regards,

    Marc-Etienne Vargenau

    1/ Cross Site Scripting

    index.php?pagename=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C!--

    does not show an alert

    it says:

    Notice: “/scriptscriptalert(document.cookie)/script!--”: Bad page name:
    Leading “/” not allowed

    2/ Local File Inclusion

    index.php/PhpWikiAdministration?action=loadfile&overwrite=1&source=/etc/group

    will give:

    Fatal PhpWiki Error: Not in allowed list. Unable to load: /etc/group

    There is a new property: ALLOWED_LOAD giving list of directories from which it is allowed to load pages.

     

  • Hanno Böck

    Hanno Böck - 2019-12-17

    I'm not running phpwiki myself, I'm developing a tool that scans for vulnerable web applications [1].

    [1] https://source.schokokeks.org/freewvs/

     

    • Marc-Etienne Vargenau

      Marc-Etienne Vargenau - 2019-12-17

      Hi Hanno,

      Thank you.

      You can try to scan: http://phpwiki.demo.free.fr/

      Best regards,

      Marc-Etienne Vargenau

      From: "Hanno Böck" ctulhu@users.sourceforge.net
      Sent: Tuesday, December 17, 2019 12:58 PM
      To: [phpwiki:bugs] 649@bugs.phpwiki.p.re.sourceforge.net
      Subject: [phpwiki:bugs] #649 Security vulnerabilities described on exploit-db

      I'm not running phpwiki myself, I'm developing a tool that scans for vulnerable web applications [1].

      [1] https://source.schokokeks.org/freewvs/

      [bugs:#649]https://sourceforge.net/p/phpwiki/bugs/649/ Security vulnerabilities described on exploit-db

      Status: open
      Group: Database
      Created: Fri Dec 13, 2019 05:11 PM UTC by Hanno Böck
      Last Updated: Tue Dec 17, 2019 11:06 AM UTC
      Owner: nobody

      Hi, I wanted to ask for clarification of these security vulnerabilities:
      https://www.exploit-db.com/exploits/38027
      The page claims these affect 1.5.4. 1.5.5 is current but in the release notes I see nothing mentioned about security fixes. Does that mean they are unfixed? Is phpwiki still maintained or should users move to alternatives?

      Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/phpwiki/bugs/649/

      To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

       

      Related

      Bugs: #649

      alternate

      • Hanno Böck

        Hanno Böck - 2019-12-17

        It's not an online scanner, it's scanning offline on the filesystem. I can test that even without an installation.

        The only issue here is that I have a database with information of the form "app X had its last security vuln Y that was fixed in Z". It seems right now there is no fixed version, so that's what I'm reporting. I can update it once you make a new release.

        See here how the data looks:
        https://git.schokokeks.org/freewvs.git/blob/master/freewvsdb/wiki.json

         

Log in to post a comment.