Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10179
HistoryNov 10, 2005 - 12:00 a.m.

Multiple security issues in TikiWiki 1.9.x

2005-11-1000:00:00
vulners.com
6
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0003

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++ Multiple security issues in TikiWiki 1.9.x +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PUBLISHED ON
Nov 09, 2005

PUBLISHED AT
http://moritz-naumann.com/adv/0003/tikiw/0003.txt
http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig

PUBLISHED BY
Moritz Naumann IT Consulting & Services
Hamburg, Germany
http://moritz-naumann.com/

info AT moritz HYPHON naumann D0T com
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc

AFFECTED APPLICATION OR SERVICE
TikiWiki
http://tikiwiki.org/

AFFECTED VERSION
1.9.x up to and including 1.9.2
Possibly versions < 1.9 (untested)

BACKGROUND
"Tikiwiki is a full featured Free Software (GNU/LGPL)
Wiki/CMS/Groupware written in PHP and maintained by an
active and international community of benevolent
contributors."

ISSUE 1 (XSS)
A XSS vulnerability has been detected in the fora code
of TikiWiki. The problem is caused by insufficient input
sanitation.

The following partial URL demonstrates the issue:

[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_offset=10%22%20onmouseover='javascript:alert(document.title)%3B'%3E[PLEASE%20MOVE%20YOUR%20MOUSE%20POINTER%20HERE!]%20%3Cx%20y=%22

Please move your mouse pointer over the input field
which says so.

ISSUE 2 (Information Disclosure, possible SQL injection)

The application discloses the installation path. This
may also be useable to craft an SQL injection.

The following partial URL demonstrates the issue:

[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_sort_mode=FOOBAH

WORKAROUND
Issue 1: Disable Javascript (client) or deny access to
TikiWiki (server).
Issue 2: Set PHP to log errors to file only (issue 2).

SOLUTIONS
We are not aware of a maintainer provided fix.

TIMELINE
Oct 6, 2005: Maintainer informed
Oct 6, 2005: First maintainer reply
Oct 14, 2005: Request for additional information sent
to maintainer
[in between]: issues fixed on maintainer website
Nov 09, 2005: Public disclosure

REFERENCES
Issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3528
Issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3529

ADDITIONAL CREDIT
N/A

LICENSE
Creative Commons Attribution-ShareAlike License Germany
http://creativecommons.org/licenses/by-sa/2.0/de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDcieHn6GkvSd/BgwRAvmjAJ0bAOZ/wvtJ6cxo0I6qbq09kMl8MgCZAYwp
g/uC6sZOj1V9DCXo8XdOv3U=
=IJXk
-----END PGP SIGNATURE-----

Related

packetstorm 1
cve 2
packetstorm
packetstorm
0003.txt
2005-11-10 00:00:00
cve
cve
CVE-2005-3528
2005-11-20 22:03:00
CVE-2005-3529
2005-11-20 22:03:00
JSON
Related for SECURITYVULNS:DOC:10179
packetstorm1cve2