XSS in Tiki Wiki CMS Groupware

2011-07-20T00:00:00
ID SSV:20750
Type seebug
Reporter Root
Modified 2011-07-20T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Vendor:	info.tiki.org ( http://info.tiki.org )
Vulnerable Version:	7.0 and probably prior
Tested on:	7.0

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks.

Input passed via the GET "ajax" parameter to snarf_ajax.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.

The following PoC code is available:

http://[host]/snarf_ajax.php?url=1&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E