TikiWiki tiki-view_forum_thread.php topics_sort_mode Variable Path Disclosure

2005-11-09T08:33:16
ID OSVDB:20711
Type osvdb
Reporter Moritz Naumann (security@moritz-naumann.com)
Modified 2005-11-09T08:33:16

Description

Vulnerability Description

TikiWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplies arbitrary data in the "topics_sort_mode" variable of the tiki-view_forum_thread.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
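The flaw described above is a typical path-disclosure pattern: an unexpected value in a sort-mode parameter reaches a code path that emits a PHP error, and with error display enabled the error text includes the absolute path of the script. The following is an added defensive illustration written for this entry; it is not TikiWiki code, and the allowed sort-mode values it uses are assumed placeholders, since the advisory does not list the real ones. It shows the two controls a maintainer would apply: reject any sort-mode value that is not on an allowlist, and keep error output out of HTTP responses.

```php
<?php
// Added example, not TikiWiki's own code. Demonstrates allowlist validation
// of an untrusted sort-mode parameter plus production error-display settings
// so that unexpected input cannot surface a path-revealing PHP error.
declare(strict_types=1);

// Hypothetical allowlist; the real TikiWiki sort modes are not given in the advisory.
const ALLOWED_SORT_MODES = [
    'commentDate_desc',
    'commentDate_asc',
    'title_asc',
    'title_desc',
];

/**
 * Return the requested sort mode only if it is on the allowlist; otherwise
 * fall back to a safe default. Strict comparison prevents type juggling.
 */
function sanitizeSortMode(?string $requested, string $default = 'commentDate_desc'): string
{
    if ($requested === null || !in_array($requested, ALLOWED_SORT_MODES, true)) {
        return $default;
    }
    return $requested;
}

// Production hardening: log errors server-side, never render them to the client,
// because PHP warnings and notices include the absolute path of the script.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Example usage with the request parameter named in the advisory.
$sortMode = sanitizeSortMode($_GET['topics_sort_mode'] ?? null);

// A constructed request value such as "FOOBAH" (as in the manual testing note)
// now resolves to the default instead of reaching the sorting code unchecked.
</code>
```

With the allowlist in place the unexpected value never reaches the code that failed, and with display_errors off even a remaining bug would not echo the installation path to the browser; the two controls are independent and both are worth applying.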

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, TikiWiki has released a patch to address this vulnerability, and it can be found in CVS.

Manual Testing Notes

http://[target]/[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_sort_mode=FOOBAH

References:

Vendor URL: http://tikiwiki.org/
Secunia Advisory ID: 17521
Related OSVDB ID: 20710
Other Advisory URL: http://moritz-naumann.com/adv/0003/tikiw/0003.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0235.html
FrSIRT Advisory: ADV-2005-2376
CVE: CVE-2005-3529