XWiki Platform / XWIKI-16661

RCE using reset password


Details

    • High
    • Unknown
    • N/A
    • N/A

    Description

      Issue

      When resetting the password, the user document XWiki.<username> is saved as superadmin.

      By adding a macro object to the user document before the password reset, that macro is executed with superadmin privileges after the save. A normal user can therefore run, for example, a Groovy script with those privileges.

      Steps to reproduce

      1. Create an unprivileged user.
      2. Add an XWiki.WikiMacroClass object with a Groovy script to the user document.
      3. Do a password reset request for this user.
      4. Use the macro in any document.

      Many variants can be used depending on how the user profile is configured.

      Other types of objects can also be used to hold the script.
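The privilege-escalation pattern described above, as an added illustration that is not XWiki's code: a simplified Python model (all names are constructed) in which script objects run with the rights of the user recorded as the document's author, the vulnerable reset saves the whole document as superadmin, and the corrected reset changes only the password hash while keeping the original author. A small audit helper flags user documents that already show the dangerous combination.

```python
from dataclasses import dataclass, field

SUPERADMIN = "superadmin"
# Constructed model: only superadmin holds programming rights.
PROGRAMMING_RIGHTS = {SUPERADMIN}


@dataclass
class Document:
    name: str
    author: str                 # user whose rights attached scripts run with
    password_hash: str
    objects: list = field(default_factory=list)  # e.g. a WikiMacroClass object


def reset_password_vulnerable(doc: Document, new_hash: str) -> Document:
    # The whole document is saved in the superadmin context, so every object
    # on it (including a script the user attached earlier) is now authored by
    # superadmin and executes with superadmin rights.
    doc.password_hash = new_hash
    doc.author = SUPERADMIN
    return doc


def reset_password_fixed(doc: Document, new_hash: str) -> Document:
    # Only the password field changes; authorship, and therefore the rights
    # any script object executes with, stays with the unprivileged user.
    doc.password_hash = new_hash
    return doc


def scripts_with_programming_rights(doc: Document) -> list:
    """Return the script objects that would run with programming rights."""
    return [o for o in doc.objects if doc.author in PROGRAMMING_RIGHTS]


def audit(docs: list) -> list:
    """Names of user documents authored by superadmin that carry script objects."""
    return [d.name for d in docs if d.author == SUPERADMIN and d.objects]


def scenario(reset) -> int:
    # Constructed user document with a macro object holding a script.
    user = Document("XWiki.alice", author="alice", password_hash="old")
    user.objects.append({"class": "XWiki.WikiMacroClass", "script": "<groovy>"})
    reset(user, "new")
    return len(scripts_with_programming_rights(user))
```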


            People

              surli Simon Urli
              jonathanvk Jonathan Villemaire-Krajden