PHPDeveloper.org: Stefan Esser's Blog: DokuWiki remote PHP code injection

News Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

Ibuildings Blog: Zend Framework testing: emulating HTTP calls

Community News: FrOSCon 2008

Harun Yayli's Blog: memcache.php flushes servers

Cormac's Blog: Fast server-side rejection of large image uploads using $_FILES

PHPClasses.org: Book Review: PHP 5 CMS Framework Development

Job Posting: Yahoo! Seeks PHP Developer (Santa Clara, CA)

PHPImpact Blog: A Django template language clone for PHP

Matthew Weier O'Phinney's Blog: Using dijit.Editor with Zend Framework

SitePoint PHP Blog: Rasmus Lerdorf - PHP frameworks? Think again.

Ken Guest's Blog: Book Review: Learning Facebook Application Development

Stefan Esser's Blog:
DokuWiki remote PHP code injection

by Chris Cornutt June 05, 2006 @ 06:08:12

Stefan Esser has posted this new security issue he discovered in the DokuWiki application.

While searching for the perfect Wiki PHP application for my own german/korean wiki I tested DokuWiki and found an ugly security hole, that allows remote PHP code injection through it's AJAX spellchecking service.

You can read up on his full advisory here, including the location/code of the issue.

0 comments voice your opinion now!
php remote code injection security advisory dokuwiki php remote code injection security advisory dokuwiki

Similar Posts

Sebastian Bergmann\'s Blog: Graphical Logging in PHPUnit 3

Mike Lively\'s Blog: Finally used PHPUnit and I like it

Zend Developer Zone: This Week in the Zend Framework - Issue #10

Andi Gutmans\' Blog: Fluent Interfaces

DevShed.com: The Iterator Pattern (Conclusion)

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework