This is the issue tracking system for DokuWiki. You may add bugs and feature wishes here.
Please post support requests and plugin wishes in the forum. Bug reports for plugins should be reported in the plugin's tracker linked from the plugin page.
To prevent spamming, anonymous task adding had to be disabled.
FS#1700 - Local File Inclusion with register_globals on
Attached to Project:
DokuWiki
Opened by Andreas Gohr (andi) - Tuesday, 26 May 2009, 17:05 GMT+1
Last edited by Andreas Gohr (andi) - Saturday, 25 July 2009, 13:40 GMT+1
Details

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading a file via the media manager or placing PHP code in editable pages. However, the attack is only possible when the PHP option register_globals is enabled. This option has been disabled by default for several years and its usage is generally discouraged. This should hopefully limit the effect of an exploit that has already been seen in the wild.

Affected versions are 2009-02-14, rc2009-02-06, rc2009-01-30 and all development releases until today.

To secure your installation, make sure you disable the register_globals option in your php.ini (DokuWiki will work fine without it). An updated stable release named 2009-02-14b is available at http://www.splitbrain.org/go/dokuwiki

If you'd like to fix the issue manually, please follow these steps:

1. Open inc/init.php in an editor.

2. Remove the following line (line 45):

   global $config_cascade;

3. Add the following two lines at line 13:

   global $config_cascade;
   $config_cascade = '';

   They should be right before the following:

   // if available load a preload config file
   $preload = fullpath(dirname(__FILE__)).'/preload.php';
   if (@file_exists($preload)) include($preload);
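The following is an added illustration, not code from DokuWiki or from this report, of why the manual fix above works: under register_globals PHP copies every request parameter into global scope before the script runs, so a global that is read before it is assigned can carry a request-supplied value into a file include. The script models that pattern with a constructed request and shows the uninitialised variant beside the initialised one, plus a startup check for register_globals. The function names (vulnerableCascade, fixedCascade, simulateRegisterGlobals, registerGlobalsEnabled) and the shape of $config_cascade are assumptions for the example and do not reproduce DokuWiki's actual inc/init.php.

```php
<?php
// Added example (not DokuWiki code): models the FS#1700 pattern.
// Assumption: $config_cascade is a nested array of config file paths
// that is later included; the real layout in DokuWiki may differ.

// Defensive startup check. ini_get() returns false on PHP >= 5.4,
// where register_globals no longer exists; '' or '0' when off.
function registerGlobalsEnabled()
{
    $value = ini_get('register_globals');
    return $value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

// Simulates what register_globals=On does automatically before any
// script line runs: request parameters become global variables.
function simulateRegisterGlobals(array $request)
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Vulnerable pattern: the variable is only declared global, never assigned,
// so whatever register_globals injected is trusted as a list of files.
function vulnerableCascade()
{
    global $config_cascade;
    if (!is_array($config_cascade)) {
        $config_cascade = array();
    }
    return $config_cascade;
}

// Fixed pattern, mirroring the advisory's two added lines: assign a known
// value before anything reads it, so a request-supplied value is discarded.
function fixedCascade()
{
    global $config_cascade;
    $config_cascade = '';
    // preload.php and the regular config files would populate it here
    if (!is_array($config_cascade)) {
        $config_cascade = array();
    }
    return $config_cascade;
}

if (registerGlobalsEnabled()) {
    echo "register_globals is on; disable it in php.ini\n";
}

// Constructed request smuggling a path into the global (placeholder path).
simulateRegisterGlobals(array(
    'config_cascade' => array('main' => array('default' => array('/tmp/request-supplied.php'))),
));

var_dump(vulnerableCascade()); // still holds the request-supplied path
var_dump(fixedCascade());      // array(): the injected value was overwritten
```

The point of the fix is ordering: the assignment has to happen before preload.php or any other include reads the variable, which is why the advisory places the two lines at line 13 rather than leaving the `global` declaration at line 45.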
Closed by Andreas Gohr (andi)
Saturday, 25 July 2009, 13:40 GMT+1
Reason for closing: Fixed
Additional comments about closing: fixed in 2009-02-14b