WikkaWiki 1.3.4 Cross Site Scripting Vulnerability

ID 1337DAY-ID-21229
Type zdt
Reporter High-Tech Bridge
Modified 2013-09-13T00:00:00


WikkaWiki version 1.3.4 suffers from a cross site scripting vulnerability.

                                            Vendor: Wikka Development Team
Vulnerable Version(s): 1.3.4 and probably prior
Tested Version: 1.3.4
Vendor Notification: August 21, 2013 
Vendor Patch: August 31, 2013 
Public Disclosure: September 11, 2013 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-5586
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 


Advisory Details:

High-Tech Bridge Security Research Lab discovered vulnerability in WikkaWiki, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.

1) Cross-Site Scripting (XSS) in WikkaWiki: CVE-2013-5586

The vulnerability exists due to insufficient sanitisation of user-supplied data in "wakka" HTTP GET parameter passed to "/sql/" URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation example below uses JavaScript "alert()" function to display user's cookies:




Update to Wikka 1.3.4-p1

More Information:



[1] High-Tech Bridge Advisory HTB23170 - https://www.htbridge.com/advisory/HTB23170 - Cross-Site Scripting (XSS) in WikkaWiki.
[2] WikkaWiki - http://www.wikkawiki.org - WikkaWiki is a flexible, standards-compliant and lightweight wiki engine written in PHP, which uses MySQL to store pages.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.


#  0day.today [2018-01-02]  #