Tiki Wiki CMS 7.0 Cross Site Scripting

Type packetstorm
Reporter High-Tech Bridge SA
Modified 2011-07-20T00:00:00


Vulnerability ID: HTB23027  
Reference: http://www.htbridge.ch/advisory/xss_in_tiki_wiki_cms_groupware.html  
Product: Tiki Wiki CMS Groupware  
Vendor: info.tiki.org ( http://info.tiki.org )   
Vulnerable Version: 7.0 and probably prior  
Tested on: 7.0  
Vendor Notification: 29 June 2011   
Vulnerability Type: XSS (Cross Site Scripting)  
Status: Fixed by Vendor  
Risk level: Medium   
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )   
Vulnerability Details:  
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks.  
Input passed via the GET "ajax" parameter to snarf_ajax.php is not properly sanitised before being returned to the user.  
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.  
The following PoC code is available:  
This vulnerability works only against users in the "Admins" group.  
Solution: Upgrade to the most recent version
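The flaw class described in the Vulnerability Details above, shown as an added illustration that is not Tiki's own code: a hypothetical handler that writes the GET "ajax" parameter into an HTML response without output encoding, beside its hardened form. Only the script name and parameter name come from the advisory; the function names, handler bodies and the sample input are assumptions constructed for this example.

```php
<?php
// Added illustration (not Tiki's code): the vulnerable pattern the advisory
// describes, a GET parameter echoed straight back into the response, next to
// the hardened form. Handler bodies and the sample input are assumptions.

declare(strict_types=1);

/**
 * Vulnerable pattern (assumed): the raw value of the "ajax" query parameter is
 * concatenated into HTML without encoding, so any markup or script in it is
 * interpreted by the browser of whoever receives the response.
 */
function render_ajax_response_vulnerable(array $query): string
{
    $value = $query['ajax'] ?? '';
    return '<div id="snarf-result">' . $value . '</div>';
}

/**
 * Hardened form: HTML-encode the value for the context it is written into.
 * ENT_QUOTES encodes both quote characters so the value is also safe inside
 * attribute values; ENT_SUBSTITUTE replaces invalid byte sequences instead of
 * returning an empty string; the explicit charset avoids encoding-dependent
 * bypasses.
 */
function render_ajax_response_fixed(array $query): string
{
    $value = $query['ajax'] ?? '';
    $safe  = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div id="snarf-result">' . $safe . '</div>';
}

// Constructed sample input carrying markup with an event-handler attribute,
// the kind of value a browser would otherwise interpret as active content.
$sample = ['ajax' => '<b onmouseover="alert(1)">hi</b>'];

$vulnerable = render_ajax_response_vulnerable($sample);
$fixed      = render_ajax_response_fixed($sample);

// Self-check when run from the CLI with zend.assertions=1: the hardened output
// must contain no raw tag from the input, only its encoded form.
assert(strpos($vulnerable, '<b ') !== false);
assert(strpos($fixed, '<b ') === false);
assert(strpos($fixed, '&lt;b onmouseover=&quot;alert(1)&quot;&gt;hi&lt;/b&gt;') !== false);

echo "vulnerable: {$vulnerable}\n";
echo "fixed:      {$fixed}\n";
```

Run it with `php -d zend.assertions=1 example.php`. The encoding has to match the output context: `htmlspecialchars` is correct for text and attribute values inside HTML; if the real endpoint returned JSON to a script instead, the right tool would be `json_encode` with a `Content-Type: application/json` header. The advisory's note that the issue affects only members of the "Admins" group limits who can be targeted, but it does not change the fix, which is encoding the reflected value regardless of who is logged in.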