TikiWiki tiki-admin_chat.php offset Variable XSS

2006-05-25T12:05:04
ID OSVDB:26062
Type osvdb
Reporter Blwood(blwood@skynet.be)
Modified 2006-05-25T12:05:04

Description

Vulnerability Description

TikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'offset' variable upon submission to the tiki-admin_chat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

Solution Description

Upgrade to version 1.9.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

TikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'offset' variable upon submission to the tiki-admin_chat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/tiki-admin_chat.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=name_desc&channelId=1
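The testing note above nests one script tag inside another, which is why a filter that strips `<script>` a single time is no defence: the outer fragments join back together after the inner tag is removed. The following is an added illustration, not the advisory's or TikiWiki's own code, of that failure and of the defender-side fix for a pagination parameter such as `offset`: accept only a non-negative integer, and HTML-escape anything that is reflected. The query string is copied from the note; the weak filter, the render functions and the function names are assumptions.

```python
import html
from urllib.parse import parse_qs

# Query string from the advisory's manual testing note (host omitted).
ADVISORY_QUERY = (
    "offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E"
    "&sort_mode=name_desc&channelId=1"
)


def offset_from_query(query: str) -> str:
    """Return the percent-decoded 'offset' value exactly as the script would see it."""
    return parse_qs(query)["offset"][0]


def strip_script_once(value: str) -> str:
    """Hypothetical weak filter: removes each literal tag a single time."""
    return value.replace("<script>", "").replace("</script>", "")


def render_weak(value: str) -> str:
    """Reflect the value after the weak filter (assumed vulnerable pattern)."""
    return '<input name="offset" value="%s">' % strip_script_once(value)


def render_safe(value: str) -> str:
    """Reflect the value HTML-escaped, including quotes, so it cannot close the attribute."""
    return '<input name="offset" value="%s">' % html.escape(value, quote=True)


def parse_offset(value: str, default: int = 0) -> int:
    """offset is a pagination index: accept only a non-negative integer, else fall back."""
    try:
        n = int(value)
    except ValueError:
        return default
    return n if n >= 0 else default


def contains_script_tag(markup: str) -> bool:
    """Minimal check used here to show whether a live <script> tag survived."""
    return "<script>" in markup.lower()


if __name__ == "__main__":
    raw = offset_from_query(ADVISORY_QUERY)
    print("weak filter leaves <script>:", contains_script_tag(render_weak(raw)))
    print("escaped output has <script>:", contains_script_tag(render_safe(raw)))
    print("integer offset accepted:", parse_offset(raw))
```

The same applies to `sort_mode` and `channelId`: whitelist the former against the known sort keys and cast the latter to an integer before use.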

References:

Vendor URL: http://tikiwiki.org/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=421367
Secunia Advisory ID: 20334
Related OSVDB IDs: 26048, 26049, 26050, 26051, 26052, 26053, 26054, 26055, 26056, 26057, 26058, 26059, 26060, 26061
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0565.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0072.html
FrSIRT Advisory: ADV-2006-2024
CVE: CVE-2006-2635
Bugtraq ID: 18143