|
Title:=0D
[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability=0D
=0D
Author:=0D
Kil13r - http://www.kil13r.info/=0D
=0D
Local / Remote:=0D
Remote=0D
=0D
Timeline:=0D
2006/06/28 - Discovery=0D
2006/06/28 - Vendor notification=0D
2006/06/30 - Vendor notification=0D
2006/07/01 - Release=0D
=0D
Affected version:=0D
MoniWiki 1.1.1 or earlier=0D
=0D
Not affected version:=0D
=0D
Description:=0D
MoniWiki is wiki software, but that has vulnerability.=0D
It can run arbitrary Javascript code by end user.=0D
=0D
If victim execute arbitrary Javascript code, attacker can steal victim's cookie.=0D
=0D
Proof of Concept code:=0D
None=0D
=0D
Proof of Concept example:=0D
=0D">http://www.victim.com/wiki.php/">=0D
=0D
Proof of Concept screenshot:=0D
http://www.kil13r.info/sa/xss/moniwikixss.jpg=0D
=0D
-=0D
The Bird of Hermes is my name,=0D
Eating my wings to make me tame.=0D