hhucn / webvulnscan

automated web application vulnerability scanner
MIT License

Undeterminable CSRF-Vulnerabilities in Dokuwiki #77

Open rliebig opened 10 years ago

rliebig commented 10 years ago

There are several CSRF vulnerabilities shown when one scans DokuWiki, but these are most likely false positives.

rliebig commented 10 years ago

Webvulnscan gives the following output:

 Vulnerability: http://localhost/dokuwiki/doku.php CSRF Vulnerability  | Request: http://localhost/dokuwiki/doku.php?=%3E
 Vulnerability: http://localhost/dokuwiki/doku.php CSRF Vulnerability  | Request: http://localhost/dokuwiki/doku.php?=%3E

Notably, http://localhost/dokuwiki/doku.php/?=%3E is not a valid site.