WikkaWiki 1.3.4 Cross Site Scripting Vulnerability

Vendor: Wikka Development Team
Vulnerable Version(s): 1.3.4 and probably prior
Tested Version: 1.3.4
Vendor Notification: August 21, 2013 
Vendor Patch: August 31, 2013 
Public Disclosure: September 11, 2013 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-5586
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered vulnerability in WikkaWiki, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.


1) Cross-Site Scripting (XSS) in WikkaWiki: CVE-2013-5586

The vulnerability exists due to insufficient sanitisation of user-supplied data in "wakka" HTTP GET parameter passed to "/sql/" URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation example below uses JavaScript "alert()" function to display user's cookies:

http://[host]/sql/?wakka=sql&wakka=%22onmouseover=%22javascript:alert%28document.cookie%29;%22%3Elink%3C/a%3E

-----------------------------------------------------------------------------------------------

Solution:

Update to Wikka 1.3.4-p1

More Information:
http://docs.wikkawiki.org/WhatsNew
https://wush.net/trac/wikka/ticket/1152

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23170 - https://www.htbridge.com/advisory/HTB23170 - Cross-Site Scripting (XSS) in WikkaWiki.
[2] WikkaWiki - http://www.wikkawiki.org - WikkaWiki is a flexible, standards-compliant and lightweight wiki engine written in PHP, which uses MySQL to store pages.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

-----------------------------------------------------------------------------------------------

#  0day.today [2018-01-02]  #