Tiki Wiki CMS 7.0 Cross Site Scripting

2011-07-20T00:00:00
ID PACKETSTORM:103179
Type packetstorm
Reporter High-Tech Bridge SA
Modified 2011-07-20T00:00:00

Description

                                        
                                            `Vulnerability ID: HTB23027  
Reference: http://www.htbridge.ch/advisory/xss_in_tiki_wiki_cms_groupware.html  
Product: Tiki Wiki CMS Groupware  
Vendor: info.tiki.org ( http://info.tiki.org )   
Vulnerable Version: 7.0 and probably prior  
Tested on: 7.0  
Vendor Notification: 29 June 2011   
Vulnerability Type: XSS (Cross Site Scripting)  
Status: Fixed by Vendor  
Risk level: Medium   
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )   
  
Vulnerability Details:  
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Tiki Wiki CMS Groupware which can be exploited to perform cross-site scripting attacks.  
  
Input passed via the GET "ajax" parameter to snarf_ajax.php is not properly sanitised before being returned to the user.  
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.  
  
The following PoC code is available:  
  
http://[host]/snarf_ajax.php?url=1&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E  
  
This vulnerability works only against users in the "Admins" group.  
Solution: Upgrade to the most recent version  
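The advisory describes a reflected XSS: a GET parameter is echoed into the page without encoding. The following is an added illustration, not code from Tiki Wiki or from High-Tech Bridge, of the vulnerable pattern next to the hardened one. The parameter name "ajax" and the payload are taken from the advisory's PoC URL; the function names, the `<div>` wrapper and the use of `htmlspecialchars()` as the fix are assumptions about how such a reflection is typically written and corrected, not a statement about Tiki's actual source.

```php
<?php
// Added example (not Tiki's code): reflecting a request parameter verbatim
// versus HTML-encoding it at the point of output.
// "ajax" and the sample payload come from the advisory; everything else
// (function names, wrapper markup) is assumed for illustration.

declare(strict_types=1);

// Vulnerable pattern: the raw parameter value is concatenated into the
// HTML response, so any markup or script in it is rendered by the browser.
function render_unsafe(string $ajax): string
{
    return '<div id="snarf">' . $ajax . '</div>';
}

// Hardened pattern: the value is HTML-encoded before it reaches the page.
// ENT_QUOTES also encodes single quotes, so the result is safe inside
// attribute values as well as element content; the charset is named
// explicitly so encoding does not depend on php.ini defaults.
function render_safe(string $ajax): string
{
    $encoded = htmlspecialchars($ajax, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div id="snarf">' . $encoded . '</div>';
}

// Constructed sample input: the URL-encoded value from the advisory's PoC,
// decoded the same way PHP decodes $_GET['ajax'].
$sample = urldecode('%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E');

echo 'unsafe: ' . render_unsafe($sample) . PHP_EOL;
echo 'safe:   ' . render_safe($sample) . PHP_EOL;

// Self-check a reviewer can run: the hardened output must not contain the
// raw script tag from the input.
if (strpos(render_safe($sample), '<script') !== false) {
    fwrite(STDERR, "hardened output still contains raw markup\n");
    exit(1);
}
```

Running the script prints the payload once as live markup and once as `&lt;script&gt;...&lt;/script&gt;`, which a browser displays as text rather than executing. The advisory's note that the issue only affects members of the "Admins" group limits who can be targeted, but the fix belongs at the output point regardless of which group can reach the page; restricting access is not a substitute for encoding.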