[pmwiki-devel] PITS/01030

Petko Yotov 5ko at 5ko.fr
Thu Jun 26 03:00:35 CDT 2008


Thanks for your message.

On Thursday 26 June 2008 02:39:59 DaveG wrote:
> The way I read this is that you'd need to have authform active, and
> allow people login access, or access to the login form -- which your
> test site doesn't appear to do.

It does: I have authform active, and you can go to
http://galleries.accent.bg/Cookbook/Cookbook?action=login.

> From there, we can apparently call the 
> login routine and append bogus php command:
>    &login_vars..., is_admin()
>
> which will get executed.

There is no "is_admin()" function in PmWiki, and I cannot see any way an
attacker could execute any other existing function with this form; that is
why I asked for a real example.

Petko
