Multiple XSS in KnowledgeTree Community Edition

2011-12-21T00:00:00
ID HTB23065
Type htbridge
Reporter High-Tech Bridge
Modified 2011-12-21T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in KnowledgeTree Community Edition, which can be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerabilities in KnowledgeTree Community Edition: CVE-2012-0988
Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
http://[host]/login.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/preferences.php/%22onmouseover=alert%28document.cookie%29;%3E
Successful exploitation of these vulnerabilities requires that Apache's directive "AcceptPathInfo" is set to "on" or "default" (default value is "default").