lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY141-W151BC29817A53CFF75EBF09D590@phx.gbl>
Date: Mon, 24 Dec 2007 13:52:58 +0000
From: Mesut Timur <mesut@...abs.org>
To: <bugtraq@...urityfocus.com>
Subject: Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability


H - Security Labs         
Tikiwiki v1.9.8.3 Security Advisory
ID : HSEC#20072212        

General Information
--------------------------
Name                      : Tikiwiki 1.9.8.3
Vendor HomePage    :http://tikiwiki.org
Platforms                : PHP && MySQL
Vulnerability Type    : Input Validation Error

Timeline
-------------------------
17 December  2007  -- Vendor Contacted 
19 December  2007  -- Vendor Replied
22 December 2007  -- New Release
22 December 2007  -- Advisory Released

What is TikiWiki
------------------------
Tikiwiki (Tiki) is your Groupware/CMS (Content Management System) solution. Tiki has the features you need:
Wikis (like Mediawiki), Forums (like phpBB) ,Blogs (like WordPress), Articles (like Digg), Image Gallery (like Flickr), Map Server (like Google Maps), Link Directory (like DMOZ), Translation and i18n (like Babel Fish), Free (LGPL) And much more...

Vulnerability Overview
------------------------
The script is vulnerable to XSS attacks.

Details About Vulnerability
------------------------
XSS Vulnerability (/tikiwiki/tiki-special_chars.php)
At the lines between 166-168 :
-----------------
  ').value=window.opener.document.getElementById('').value+getElementById('spec').value;"
name="ins" value="ins" />
      ">, you can see it..
The attacker can succesfully launch XSS attacks with loading payload on to the URL area_name variable.

Solution
-----------------------
Download the new release : Tikiwiki 1.9.9
from http://sourceforge.net/project/showfiles.php?group_id=64258&package_id=112134&release_id=563456

Credits
-----------------------
The vulnerabilities found on 17 December  2007
by Mesut Timur 
H - Security Labs , http://www.h-labs.org
Gebze Institute of Technology
Department of Computer Engineering
http://www.gyte.edu.tr

References
-----------------------
Vendor Confirmation : http://tikiwiki.org/ReleaseProcess199
Original Advisory : http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html
_________________________________________________________________
Don't get caught with egg on your face. Play Chicktionary!
http://club.live.com/chicktionary.aspx?icid=chick_wlhmtextlink1_dec

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ