Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Dec 6th 2021
DokuWiki is vulnerable to CSRF when enabling / disabling plugins, because the AJAX endpoint that performs the action does not check the CSRF token (sectok).
Proof of Concept
If a logged-in admin user visits an attacker's website with the following HTML code, the LDAP plugin, for example, will be disabled.
This vulnerability can trick admin users into enabling / disabling plugins, unknowingly disabling some functionality of their site. For instance, custom authentication plugins can be disabled, preventing users from logging in.
I recommend using the sectok in this AJAX endpoint, much like the sectok used in the mediaupload AJAX endpoint.
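As an added illustration (not code from DokuWiki or from the report), the following Python model contrasts an enable/disable handler that relies only on the admin's session cookie with one that also requires the per-session sectok. The session store, server secret, token derivation and handler names are assumptions that only resemble DokuWiki's scheme; a cross-site form post rides along on the cookie but cannot read the token, so the hardened handler drops it.

```python
import hashlib
import hmac
import secrets

# Constructed server-side state (assumption, not DokuWiki's real layout):
# a server secret and the ids of two logged-in sessions.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-admin": "admin", "sess-editor": "editor"}


def get_security_token(session_id: str) -> str:
    """Derive the sectok for one session: keyed hash over the session id."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha1).hexdigest()


def check_security_token(session_id: str, params: dict) -> bool:
    """True only if the request carries the sectok that belongs to this session."""
    supplied = params.get("sectok")
    if not supplied:
        return False  # a cross-site form post never carries the token
    return hmac.compare_digest(supplied, get_security_token(session_id))


def toggle_plugin_vulnerable(session_id: str, params: dict, plugins: dict) -> dict:
    """Vulnerable shape: being logged in as admin is the only check.

    The browser attaches the session cookie to any request, including one
    submitted by a form on another site, so the toggle is applied.
    """
    if SESSIONS.get(session_id) != "admin":
        return {"ok": False, "error": "admin only"}
    plugins[params["plugin"]] = params["enable"] == "1"
    return {"ok": True, "plugin": params["plugin"], "enabled": plugins[params["plugin"]]}


def toggle_plugin_fixed(session_id: str, params: dict, plugins: dict) -> dict:
    """Hardened shape: require the per-session sectok before touching plugin state."""
    if not check_security_token(session_id, params):
        return {"ok": False, "error": "missing or invalid sectok"}
    return toggle_plugin_vulnerable(session_id, params, plugins)
```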