reflected file download vulnerability #2029
originally reported in https://hackerone.com/reports/238316
The server responds with:
This can lead to arbitrary code execution on a victim's machine!
Reproduction on Windows!!
1.) Open Chrome Browser
If the user runs this batch file in Windows, it will open your calculator! This could lead to the entire compromise of the victim's computer.
I recommend URL encoding any characters in the server response (if the ajax call is not found) such as
The actual problem here is that the error message reflects the passed parameter uncleaned (because it is a text/plain response). This allows injecting arbitrary code in the response, e.g. to create a valid batch file. A user may be tricked into downloading and executing the resulting code (assisted by the
Hey there, looks like this patch doesn't actually fix this issue.
You will see
An easy patch that I would recommend is to
Issue is here:
easy fix :)
For the coming release, there are still pending issues. Please see https://github.com/splitbrain/dokuwiki/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22%F0%9F%90%B1+Greebo%22
There is no release date planned.
@r0bag Tested it. The response is cleaned. You can test it with the links in the original post above.
DokuWiki.org will respond to