Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple security issues in TikiWiki 1.9.x

from [Moritz Naumann] Network Security [Permanent Link]
Subject: Multiple security issues in TikiWiki 1.9.x
Date: Wed, 09 Nov 2005 17:44:55 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0003

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++    Multiple security issues in TikiWiki 1.9.x     +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


PUBLISHED ON
  Nov 09, 2005


PUBLISHED AT
  http://moritz-naumann.com/adv/0003/tikiw/0003.txt
  http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig


PUBLISHED BY
  Moritz Naumann IT Consulting & Services
  Hamburg, Germany
  http://moritz-naumann.com/

  info AT moritz HYPHON naumann D0T com
  GPG key: http://moritz-naumann.com/keys/0x277F060C.asc


AFFECTED APPLICATION OR SERVICE
  TikiWiki
  http://tikiwiki.org/


AFFECTED VERSION
  1.9.x up to and including 1.9.2
  Possibly versions < 1.9 (untested)


BACKGROUND
  "Tikiwiki is a full featured Free Software (GNU/LGPL)
  Wiki/CMS/Groupware written in PHP and maintained by an
  active and international community of benevolent
  contributors."


ISSUE 1 (XSS)
  A XSS vulnerability has been detected in the fora code
  of TikiWiki. The problem is caused by insufficient input
  sanitation.

  The following partial URL demonstrates the issue:

[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_offset=10%22%20onmouseover='javascript:alert(document.title)%3B'%3E[PLEASE%20MOVE%20YOUR%20MOUSE%20POINTER%20HERE!]%20%3Cx%20y=%22

  Please move your mouse pointer over the input field
  which says so.


ISSUE 2 (Information Disclosure, possible SQL injection)

  The application discloses the installation path. This
  *may* also be useable to craft an SQL injection.

  The following partial URL demonstrates the issue:

[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_sort_mode=FOOBAH


WORKAROUND
  Issue 1: Disable Javascript (client) or deny access to
  TikiWiki (server).
  Issue 2: Set PHP to log errors to file only (issue 2).


SOLUTIONS
  We are not aware of a maintainer provided fix.


TIMELINE
  Oct  6, 2005: Maintainer informed
  Oct  6, 2005: First maintainer reply
  Oct 14, 2005: Request for additional information sent
    to maintainer
  [in between]: issues fixed on maintainer website
  Nov 09, 2005: Public disclosure


REFERENCES
  Issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3528
  Issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3529


ADDITIONAL CREDIT
  N/A


LICENSE
  Creative Commons Attribution-ShareAlike License Germany
  http://creativecommons.org/licenses/by-sa/2.0/de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDcieHn6GkvSd/BgwRAvmjAJ0bAOZ/wvtJ6cxo0I6qbq09kMl8MgCZAYwp
g/uC6sZOj1V9DCXo8XdOv3U=
=IJXk
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  CYBSEC - Security Advisory: Multiple XSS in SAP WAS, Leandro Meiners
Next by Date:  Antville 1.1 Cross Site Scripting, Moritz Naumann
Previous by Thread:  CYBSEC - Security Advisory: Multiple XSS in SAP WAS, Leandro Meiners
Next by Thread:  Re: Multiple security issues in TikiWiki 1.9.x, mose
Indexes:  [Date] [Thread] [Top] [All Lists]