JSPWiki Multiple Input Validation Vulnerabilities
BID:25803
Info
JSPWiki Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 25803 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5120 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Jason Kratzer is credited with the discovery of these issues. |
| Vulnerable: |
JSPWiki JSPWiki 2.5.139 Beta JSPWiki JSPWiki 2.4.103 JSPWiki JSPWiki 2.1.123 JSPWiki JSPWiki 2.1.122 JSPWiki JSPWiki 2.1.121 JSPWiki JSPWiki 2.1.120 JSPWiki JSPWiki 2.4 |
| Not Vulnerable: |
JSPWiki JSPWiki 2.4.104 |
Discussion
JSPWiki Multiple Input Validation Vulnerabilities
JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input.
Attacker-supplied HTML and script code will run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to JSPWiki 2.5.138-beta are vulnerable.
JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input.
Attacker-supplied HTML and script code will run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to JSPWiki 2.5.138-beta are vulnerable.
Exploit / POC
JSPWiki Multiple Input Validation Vulnerabilities
Attackers may exploit these issues through a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following URIs demonstrate the cross-site scripting issues:
http://www.example.com/wiki/NewGroup.jsp?group=[XSS]
http://www.example.com/wiki/Edit.jsp?page=Main&action=save&edittime=1186698299838&addr=127.0.0.1&_editedtext=[XSS]&changenote=[XSS]&ok=Save
http://www.example.com/wiki/Comment.jsp?page=Main&action=save&edittime=1186698386737&addr=127.0.0.1&_editedtext=[XSS]&author=AnonymousCoward&link=&ok=Save
http://www.example.com/wiki/UserPreferences.jsp?tab=profile&loginname=[XSS]&password=test&password2=test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Login.jsp?tab=profile&loginname=[XSS]&password=Test&password2=Test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Diff.jsp?page=Administrator&r1=[XSS]&r2=[XSS]
Attackers may exploit these issues through a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following URIs demonstrate the cross-site scripting issues:
http://www.example.com/wiki/NewGroup.jsp?group=[XSS]
http://www.example.com/wiki/Edit.jsp?page=Main&action=save&edittime=1186698299838&addr=127.0.0.1&_editedtext=[XSS]&changenote=[XSS]&ok=Save
http://www.example.com/wiki/Comment.jsp?page=Main&action=save&edittime=1186698386737&addr=127.0.0.1&_editedtext=[XSS]&author=AnonymousCoward&link=&ok=Save
http://www.example.com/wiki/UserPreferences.jsp?tab=profile&loginname=[XSS]&password=test&password2=test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Login.jsp?tab=profile&loginname=[XSS]&password=Test&password2=Test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Diff.jsp?page=Administrator&r1=[XSS]&r2=[XSS]
Solution / Fix
JSPWiki Multiple Input Validation Vulnerabilities
Solution:
The vendor released JSPWiki 2.4.104 and updated JSPWiki 2.5.139 beta to address these issues. Please see the references for more information.
JSPWiki JSPWiki 2.4
JSPWiki JSPWiki 2.1.120
JSPWiki JSPWiki 2.1.121
JSPWiki JSPWiki 2.1.122
JSPWiki JSPWiki 2.1.123
JSPWiki JSPWiki 2.4.103
Solution:
The vendor released JSPWiki 2.4.104 and updated JSPWiki 2.5.139 beta to address these issues. Please see the references for more information.
JSPWiki JSPWiki 2.4
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
JSPWiki JSPWiki 2.1.120
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
JSPWiki JSPWiki 2.1.121
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
JSPWiki JSPWiki 2.1.122
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
JSPWiki JSPWiki 2.1.123
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
JSPWiki JSPWiki 2.4.103
-
JSPWiki JSPWiki-2.4.104-bin.zip
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/JSPWiki-2.4.104-bin.zip
References
JSPWiki Multiple Input Validation Vulnerabilities
References:
References:
- 2.4.104 Changelog (JSPWiki)
- JSPWIki Home Page (JSPWiki)
- JSPWiki Multiple Vulnerabilities (Jason Kratzer)