XSS Vulnerability in DokuWiki
=================================================

Discovered on 05.03.2006 by yorn.

Description:
------------
http://wiki.splitbrain.org/wiki:dokuwiki

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It is targeted at developer teams, workgroups and small companies. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files - no database is required.

Problems:
--------
XSS:
There is an XSS vulnerability in the "Picture List" of the "mediamanager". It is possible to upload a picture with a specially crafted EXIF tag containing script code. This code will be executed every time a user views the "mediamanager".

POC:
Insert '> into the following fields, either by using an EXIF editor or using the Edit Picture function of the wiki, and save it. View the mediamanager again, enjoy your cookie.

Vulnerable fields:
Title (Titel)
Caption (Bildunterschrift)
Keywords (Schlagwörter)

Vendor Status:
--------------
Vendor has been informed on the date of discovery.
Patched in the DokuWiki 2006-03-05 release!
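
The class of bug described under "Problems", shown as an added example (not DokuWiki's code and not the vendor's patch): image metadata written into a media list unescaped, next to a version that encodes every value at output time. The function names, the row markup, and the assumption that a value lands inside a single-quoted attribute (suggested by the '> prefix in the POC) are all hypothetical, and the metadata values are constructed with harmless markup.

```php
<?php
// Added example; function names and row markup are hypothetical.

// Constructed sample: metadata as read from an uploaded image's tags.
// Every value is attacker-controlled text.
$meta = [
    'Title'    => "'><b>injected</b>",
    'Caption'  => 'Sunset over the bay',
    'Keywords' => '"><i>x</i>',
];

// Vulnerable form: raw tag values go into a single-quoted attribute
// and into element content, so the stored markup becomes live HTML.
function render_row_unsafe(string $file, array $meta): string
{
    $html = "<div class='media' title='" . $meta['Title'] . "'>" . $file;
    foreach ($meta as $name => $value) {
        $html .= "<span class='meta'>$name: $value</span>";
    }
    return $html . "</div>";
}

// Output encoder. ENT_QUOTES matters here: without it (the default flag
// set before PHP 8.1) single quotes are left alone, and a value starting
// with ' can still close a single-quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every metadata value and the file name are encoded
// at the point where they are written into the page.
function render_row_safe(string $file, array $meta): string
{
    $html = "<div class='media' title='" . h($meta['Title']) . "'>" . h($file);
    foreach ($meta as $name => $value) {
        $html .= "<span class='meta'>" . h($name) . ": " . h($value) . "</span>";
    }
    return $html . "</div>";
}

// Report whether a live <b> element survives in each rendering.
foreach (['unsafe' => 'render_row_unsafe', 'safe' => 'render_row_safe'] as $label => $fn) {
    $row = $fn('sunset.jpg', $meta);
    echo $label, ': live markup ', (strpos($row, '<b>') !== false ? 'present' : 'absent'), "\n", $row, "\n";
}
```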