TUCoPS :: HP Unsorted T :: bx1181.htm

Tikiwiki tiki-special_chars.php XSS Vulnerability
Tikiwiki tiki-special_chars.php XSS Vulnerability
Tikiwiki tiki-special_chars.php XSS Vulnerability

H - Security Labs         
Tikiwiki v1.9.8.3 Security Advisory
ID : HSEC#20072212        

General Information
Name                      : Tikiwiki
Vendor HomePage :http://tikiwiki.org 
Platforms                : PHP && MySQL
Vulnerability Type    : Input Validation Error

17 December  2007  -- Vendor Contacted 
19 December  2007  -- Vendor Replied
22 December 2007  -- New Release
22 December 2007  -- Advisory Released

What is TikiWiki
Tikiwiki (Tiki) is your Groupware/CMS (Content Management System) solution. Tiki has the features you need:
Wikis (like Mediawiki), Forums (like phpBB) ,Blogs (like WordPress), Articles (like Digg), Image Gallery (like Flickr), Map Server (like Google Maps), Link Directory (like DMOZ), Translation and i18n (like Babel Fish), Free (LGPL) And much more...

Vulnerability Overview
The script is vulnerable to XSS attacks.

Details About Vulnerability
XSS Vulnerability (/tikiwiki/tiki-special_chars.php)
At the lines between 166-168 :
name="ins" value="ins" />
      ">, you can see it..
The attacker can succesfully launch XSS attacks with loading payload on to the URL area_name variable.

Download the new release : Tikiwiki 1.9.9
from http://sourceforge.net/project/showfiles.php?group_id=64258&package_id=112134&release_id=563456 

The vulnerabilities found on 17 December  2007
by Mesut Timur 
H - Security Labs , http://www.h-labs.org 
Gebze Institute of Technology
Department of Computer Engineering

Vendor Confirmation : http://tikiwiki.org/ReleaseProcess199 
Original Advisory : http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html 
Don't get caught with egg on your face. Play Chicktionary!

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH