Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10322
HistoryNov 23, 2005 - 12:00 a.m.

PmWiki 2.0.12 Cross Site Scripting

2005-11-2300:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0005

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++ PmWiki 2.0.12 Cross Site Scripting +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PUBLISHED ON
Nov 22, 2005

PUBLISHED AT
http://moritz-naumann.com/adv/0005/pmwiki/0005.txt
http://moritz-naumann.com/adv/0005/pmwiki/0005.txt.sig

PUBLISHED BY
Moritz Naumann IT Consulting & Services
Hamburg, Germany
http://moritz-naumann.com/

SECURITY at MORITZ hyphon NAUMANN d0t COM
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc

AFFECTED APPLICATION OR SERVICE
PmWiki
http://www.pmwiki.org/

AFFECTED VERSION
Version 2.0 up to and including 2.0.12

BACKGROUND
Everybody knows XSS.
http://en.wikipedia.org/wiki/XSS
http://www.cgisecurity.net/articles/xss-faq.shtml

ISSUE
PmWiki 2.0.12 is subject to a XSS vulnerability. The
problem exists in the 'q' parameter passed to the search
function. Successful exploitation may allow for
impersonification through session stealing.

The following URL demonstrates this issue:

[pmwiki_basedir]/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NOW!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20

This issue is caused by insufficient input validation.

WORKAROUND
Client: Disable Javascript.
Server: Prevent access to pagelist.php.

SOLUTIONS
Install or upgrade to the latest release, version 2.0.13.
Both releases and patch files are available at
http://www.pmwiki.org/pub/pmwiki/

TIMELINE
Nov 05, 2005 Discovery
Nov 05, 2005 Code maintainer notified
Nov 09, 2005 Code maintainer replies
Nov 10, 2005 Code maintainer provides fix
Nov 11, 2005 CVE candidate assignment requested
Nov 22, 2005 Sick of waiting for Mitre to fix their DB
Nov 22, 2005 Public disclosure

REFERENCES
N/A

ADDITIONAL CREDIT
N/A

LICENSE
Creative Commons Attribution-ShareAlike License Germany
http://creativecommons.org/licenses/by-sa/2.0/de/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDg4k6n6GkvSd/BgwRAkHNAKCTcGJKosuxhRzWh4BBSxMdhPN5hgCgh6ge
12nFL+rppdBzzKf9w3XXETc=
=idBd
-----END PGP SIGNATURE-----

JSON