-
2007-04-05
iaf
Nessus 2.2.9 reports a critical BLIND SQL injection vulnerability in dokuwiki-2006-11-06.
Here is the nessus output:
Vulnerability http ( 80 / tcp ) The following URLs seem to be vulnerable to BLIND SQL injection
techniques :
/doku.php?-='+AND+'b'>'a&id=start&do=index&rev=
/doku.php?-=&id=start&do=index&rev='+AND+'b'>'a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http:// www.securitydocs.com/library/2651
-
2007-04-07
andi
DokuWiki does not use a database so SQL injection isn't even possible. The test you mention seems to be a generic one pointing at a possible flaw of a tested application. In the case of DokuWiki this is clearly a false positive.
-
2007-04-08
iaf
I realise that dokuwiki does not use a SQL database. However, the nessus report seems to indicate a problem exists in that CGI arguments are not 'properly escaped'. I'm not sure what this means but our security folks are a bit excited.
-
2007-04-09
andi
I tried both given URLs and could not see any problem with escaping the data (I know what it means ;-)) Ask your security folks to have their own look not using an automatic test but doing it manually to evaluate if there is any real problem.
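The manual check suggested above can be made repeatable. The following is an added example (not DokuWiki's or Nessus's code) that triages a boolean-based blind SQL injection finding the way a reviewer would by hand: it requests the page with the parameter untouched, with the always-true condition the scanner used, and with an always-false twin, then compares the responses after stripping parts that legitimately change between requests. If the truth value of the condition has no observable effect, the finding is almost certainly a false positive, which is what a file-backed wiki would show. The host name, the helper names, the `sectok` token pattern and both `fetch` stubs are assumptions constructed for this example so it runs offline.

```python
import re
from urllib.parse import urlencode, urlparse, parse_qs

# The boolean condition Nessus appended (always true) and an always-false twin.
TRUE_COND = "' AND 'b'>'a"
FALSE_COND = "' AND 'b'<'a"

# Page fragments that legitimately differ between two requests and must be
# removed before comparing. The sectok pattern is an assumption for this example.
VOLATILE = [
    re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(?::\d{2})?"),
    re.compile(r'name="sectok" value="[0-9a-f]+"'),
]

def normalise(body):
    """Strip volatile fragments and collapse whitespace so two renders compare equal."""
    for pat in VOLATILE:
        body = pat.sub("", body)
    return re.sub(r"\s+", " ", body).strip()

def probe_urls(base, params, target):
    """Build baseline / true-condition / false-condition URLs for one parameter."""
    urls = {}
    for label, cond in (("baseline", ""), ("true", TRUE_COND), ("false", FALSE_COND)):
        p = dict(params)
        p[target] = p.get(target, "") + cond
        urls[label] = base + "?" + urlencode(p)
    return urls

def triage(fetch, base, params, target):
    """fetch(url) -> (status, body). Classify the scanner finding for one parameter."""
    responses = {}
    for label, url in probe_urls(base, params, target).items():
        status, body = fetch(url)
        responses[label] = (status, normalise(body))
    if responses["true"] == responses["false"]:
        return "false-positive-likely"      # condition truth value changes nothing
    if responses["true"] == responses["baseline"] and responses["false"] != responses["baseline"]:
        return "review-needed"              # the boolean-blind pattern a human must confirm
    return "inconclusive"                   # responses differ, but not in that pattern

def make_wiki_stub():
    """Constructed stand-in for a file-based wiki: every request renders the same
    page, differing only in a timestamp; the query string never reaches SQL."""
    counter = {"n": 0}
    def fetch(url):
        counter["n"] += 1
        body = ('<html><body><h1>start</h1><p>Index of pages</p>'
                f'<p>Rendered 2007-04-09 10:00:{counter["n"]:02d}</p></body></html>')
        return 200, body
    return fetch

def make_db_stub():
    """Constructed stand-in for an application whose result set depends on the
    condition, included only so the classifier's positive branch runs offline."""
    def fetch(url):
        rev = parse_qs(urlparse(url).query, keep_blank_values=True).get("rev", [""])[0]
        rows = "" if "'b'<'a" in rev else "<li>start</li>"
        return 200, f"<html><body><ul>{rows}</ul></body></html>"
    return fetch

if __name__ == "__main__":
    base = "http://wiki.example.invalid/doku.php"   # assumed host
    params = {"-": "", "id": "start", "do": "index", "rev": ""}
    print("wiki stub:", triage(make_wiki_stub(), base, params, "rev"))
    print("db stub:  ", triage(make_db_stub(), base, params, "rev"))
```

Against a real deployment `fetch` would wrap an HTTP client; the verdict is only a triage signal, and "review-needed" still means a person reads the two responses before anyone files a ticket.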
-
2007-04-17
iaf
The latest (2007-04-15) nessus dokuwiki signatures no longer report the SQL injection error as a critical dokuwiki vulnerability. Sorry about the needless freaking. I scan thousands of boxes every week - I just wanted to make sure that dokuwiki had a clean bill of health :)