ID OSVDB:26056 Type osvdb Reporter Blwood(blwood@skynet.be) Modified 2006-05-25T12:05:04
Description
Vulnerability Description
TikiWiki contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate an input field of the tiki-adminusers.php script that the report does not identify (the script's numrows parameter is tracked separately as OSVDB:26055). A specially crafted URL could cause arbitrary script to execute in the browser of a user who opens it, within the trust relationship between the browser and the server, leading to a loss of integrity.
Technical Description
An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability. In practice that means the request carrying the payload must come from an administrator session: the injected script executes with that administrator's privileges, so a crafted link opened by a logged-in administrator is the realistic delivery path.
Solution Description
Upgrade to version 1.9.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Reflected cross site scripting in TikiWiki 1.9.3.1 via an unspecified field of tiki-adminusers.php; requires an administrator session; reported fixed in 1.9.3.2.
Classification
Title: TikiWiki tiki-adminusers.php Unspecified XSS
Affected software: TikiWiki 1.9.3.1
CVE: CVE-2006-2635
CVSS 2: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). This is the vector NVD assigned to CVE-2006-2635 as a whole, which also covers pages reachable without a login (for example tiki-lastchanges.php); it is not adjusted for the administrator-session requirement given in the Technical Description, so treat the Au:N component with that in mind.
Published: 2006-05-25T12:05:04

References
Vendor URL: http://tikiwiki.org/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=421367
Secunia Advisory ID: 20334 (https://secuniaresearch.flexerasoftware.com/advisories/20334/)
FrSIRT Advisory: ADV-2006-2024
Bugtraq ID: 18143
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0565.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0072.html
CVE-2006-2635: https://vulners.com/cve/CVE-2006-2635
Exploit-DB: EDB-ID:27917
Related OSVDB IDs (same report, same CVE; each at https://vulners.com/osvdb/OSVDB:NNNNN): 26048, 26049, 26050, 26051, 26052, 26053, 26054, 26055, 26057, 26058, 26059, 26060, 26061, 26062
Related Entries

CVE-2006-2635 (NVD, CWE-79, CVSS 2 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, published 2006-05-30): Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
Item (13) is this entry; item (12) is OSVDB:26055.
NVD lists the following versions as affected (CPE cpe:/a:tiki:tikiwiki_cms/groupware): 1.9.0 (including rc1, rc2 and rc3), 1.9.1, 1.9.2, 1.9.3, 1.9.3.1, 1.9.3.2, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.8.1, 1.9.9, 1.9.10 and 1.9.11. That list includes 1.9.3.2 and later releases, which the Solution Description above names as fixed; the page does not reconcile the two, so confirm the fix against the vendor changelog in the references rather than relying on either list alone.

Sibling OSVDB entries from the same report (all CVE-2006-2635, all published 2006-05-25T12:05:04, all CVSS 2 4.3 with the same vector, all reported fixed in 1.9.3.2). Entries marked "admin" carry the same administrator-credential requirement as this one; the others are reachable without logging in. Manual Testing Notes are reproduced as published, with [target] standing for the host.

OSVDB:26048 TikiWiki tiki-lastchanges.php Multiple Variable XSS (offset and days variables)
Manual Testing Notes:
http://[target]/tiki-lastchanges.php?days=3&offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E
http://[target]/tikiwiki-1.9.3.1/tiki-lastchanges.php?days=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&offset=0&sort_mode=user_desc

OSVDB:26049 TikiWiki tiki-orphan_pages.php Multiple Variable XSS (find and offset variables)
Manual Testing Notes:
http://[target]/tikiwiki-1.9.3.1/tiki-orphan_pages.php?find=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&offset=&sort_mode=flag_desc
http://[target]/tikiwiki-1.9.3.1/tiki-orphan_pages.php?find=&offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=flag_desc

OSVDB:26050 TikiWiki tiki-listpages.php Multiple Variable XSS (offset and initial variables)
Manual Testing Notes:
http://[target]/tiki-listpages.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=creator_desc
http://[target]/tiki-listpages.php?initial=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=pageName_asc

OSVDB:26051 TikiWiki tiki-remind_password.php Unspecified XSS (unspecified variables)

OSVDB:26052 TikiWiki tiki-admin.php Metatag Action XSS (admin; unspecified variables in the Metatag action)

OSVDB:26053 TikiWiki tiki-admin_rssmodules.php offset Variable XSS (admin)
Manual Testing Notes:
http://[target]/tiki-admin_rssmodules.php?offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=name_desc&rssId=1

OSVDB:26055 TikiWiki tiki-adminusers.php numrows Variable XSS (admin; the identified parameter of the same script as this entry)
Manual Testing Notes:
http://[target]/tiki-adminusers.php?find=&search=find&numrows=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=login_asc

OSVDB:26058 TikiWiki tiki-admin_modules.php Multiple Field XSS (admin; "Assign new module" and "Create new user module" fields)

TikiWiki tiki-syslog.php offset and max Variable XSS (admin). The source cuts off partway through this entry, so its OSVDB ID and any testing notes are not available here.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/tiki-syslog.php?find=&max=10&offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert(\\'Blwood\\')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=loguser_desc\nhttp://[target]/tiki-syslog.php?find=&max=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert(\\'Blwood\\')%3C/scr%3C/script%3Eipt%3E%3C!--&offset=0&sort_mode=logtype_desc\n## References:\nVendor URL: http://tikiwiki.org/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=421367\n[Secunia Advisory ID:20334](https://secuniaresearch.flexerasoftware.com/advisories/20334/)\n[Related OSVDB ID: 26048](https://vulners.com/osvdb/OSVDB:26048)\n[Related OSVDB ID: 26049](https://vulners.com/osvdb/OSVDB:26049)\n[Related OSVDB ID: 26051](https://vulners.com/osvdb/OSVDB:26051)\n[Related OSVDB ID: 26055](https://vulners.com/osvdb/OSVDB:26055)\n[Related OSVDB ID: 26056](https://vulners.com/osvdb/OSVDB:26056)\n[Related OSVDB ID: 26050](https://vulners.com/osvdb/OSVDB:26050)\n[Related OSVDB ID: 26052](https://vulners.com/osvdb/OSVDB:26052)\n[Related OSVDB ID: 26059](https://vulners.com/osvdb/OSVDB:26059)\n[Related OSVDB ID: 26053](https://vulners.com/osvdb/OSVDB:26053)\n[Related OSVDB ID: 26057](https://vulners.com/osvdb/OSVDB:26057)\n[Related OSVDB ID: 26058](https://vulners.com/osvdb/OSVDB:26058)\n[Related OSVDB ID: 26060](https://vulners.com/osvdb/OSVDB:26060)\n[Related OSVDB ID: 26061](https://vulners.com/osvdb/OSVDB:26061)\n[Related OSVDB ID: 26062](https://vulners.com/osvdb/OSVDB:26062)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0565.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0072.html\nFrSIRT Advisory: ADV-2006-2024\n[CVE-2006-2635](https://vulners.com/cve/CVE-2006-2635)\nBugtraq ID: 
18143\n", "modified": "2006-05-25T12:05:04", "published": "2006-05-25T12:05:04", "href": "https://vulners.com/osvdb/OSVDB:26054", "id": "OSVDB:26054", "type": "osvdb", "title": "TikiWiki tiki-syslog.php Multiple Variable XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "cvelist": ["CVE-2006-2635"], "edition": 1, "description": "## Vulnerability Description\nTikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified input upon submission to the tiki-admin_hotwords.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Technical Description\nAn attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.\n## Solution Description\nUpgrade to version 1.9.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nTikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified input upon submission to the tiki-admin_hotwords.php script. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://tikiwiki.org/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=421367\n[Secunia Advisory ID:20334](https://secuniaresearch.flexerasoftware.com/advisories/20334/)\n[Related OSVDB ID: 26048](https://vulners.com/osvdb/OSVDB:26048)\n[Related OSVDB ID: 26049](https://vulners.com/osvdb/OSVDB:26049)\n[Related OSVDB ID: 26051](https://vulners.com/osvdb/OSVDB:26051)\n[Related OSVDB ID: 26055](https://vulners.com/osvdb/OSVDB:26055)\n[Related OSVDB ID: 26056](https://vulners.com/osvdb/OSVDB:26056)\n[Related OSVDB ID: 26050](https://vulners.com/osvdb/OSVDB:26050)\n[Related OSVDB ID: 26052](https://vulners.com/osvdb/OSVDB:26052)\n[Related OSVDB ID: 26054](https://vulners.com/osvdb/OSVDB:26054)\n[Related OSVDB ID: 26059](https://vulners.com/osvdb/OSVDB:26059)\n[Related OSVDB ID: 26053](https://vulners.com/osvdb/OSVDB:26053)\n[Related OSVDB ID: 26058](https://vulners.com/osvdb/OSVDB:26058)\n[Related OSVDB ID: 26060](https://vulners.com/osvdb/OSVDB:26060)\n[Related OSVDB ID: 26061](https://vulners.com/osvdb/OSVDB:26061)\n[Related OSVDB ID: 26062](https://vulners.com/osvdb/OSVDB:26062)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0565.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0072.html\nFrSIRT Advisory: ADV-2006-2024\n[CVE-2006-2635](https://vulners.com/cve/CVE-2006-2635)\nBugtraq ID: 18143\n", "modified": "2006-05-25T12:05:04", "published": "2006-05-25T12:05:04", "href": "https://vulners.com/osvdb/OSVDB:26057", "id": "OSVDB:26057", "type": "osvdb", "title": "TikiWiki tiki-admin_hotwords.php Unspecified XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": 
[{"lastseen": "2016-02-03T07:02:56", "description": "TikiWiki 1.9 tiki-lastchanges.php Multiple Parameter XSS. CVE-2006-2635. Webapps exploit for php platform", "published": "2006-05-29T00:00:00", "type": "exploitdb", "title": "TikiWiki 1.9 tiki-lastchanges.php Multiple Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-2635"], "modified": "2006-05-29T00:00:00", "id": "EDB-ID:27917", "href": "https://www.exploit-db.com/exploits/27917/", "sourceData": "source: http://www.securityfocus.com/bid/18143/info\r\n\r\nTikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n\r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nhttp://www.example.com/tiki/tiki-lastchanges.php?days=\"><scr<script>ipt>[code]</scr</script>ipt>>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27917/"}]}