WikkaWiki version 1.3.4 suffers from a cross site scripting vulnerability.
Vendor: Wikka Development Team
Vulnerable Version(s): 1.3.4 and probably prior
Tested Version: 1.3.4
Vendor Notification: August 21, 2013
Vendor Patch: August 31, 2013
Public Disclosure: September 11, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-5586
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in WikkaWiki, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.
1) Cross-Site Scripting (XSS) in WikkaWiki: CVE-2013-5586
The vulnerability exists due to insufficient sanitisation of user-supplied data in "wakka" HTTP GET parameter passed to "/sql/" URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses JavaScript "alert()" function to display user's cookies:
http://[host]/sql/?wakka=sql&wakka=%22onmouseover=%22javascript:alert%28document.cookie%29;%22%3Elink%3C/a%3E
-----------------------------------------------------------------------------------------------
Solution:
Update to Wikka 1.3.4-p1
More Information:
http://docs.wikkawiki.org/WhatsNew
https://wush.net/trac/wikka/ticket/1152
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23170 - https://www.htbridge.com/advisory/HTB23170 - Cross-Site Scripting (XSS) in WikkaWiki.
[2] WikkaWiki - http://www.wikkawiki.org - WikkaWiki is a flexible, standards-compliant and lightweight wiki engine written in PHP, which uses MySQL to store pages.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
# 0day.today [2018-01-02] #