TikiWiki Multiple Cross-Site Scripting and Local File Include Vulnerabilities
Info
| Bugtraq ID: | 26211 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2007 12:00AM |
| Updated: | Oct 26 2007 07:26PM |
| Credit: | L4teral <[email protected]> is credited with the discovery of these vulnerabilities. |
| Vulnerable: | TikiWiki Project TikiWiki 1.9.8 1, 1.9.8, 1.9.7, 1.9.6, 1.9.5, 1.9.4, 1.9.3 1, 1.9.2, 1.9.1 .1, 1.9.1, 1.9 -rc3.1, 1.9 -rc3, 1.9 -rc2, 1.9 -rc1, 1.8.5, 1.8.4, 1.8.3, 1.8.2, 1.8.1, 1.8, 1.7.9, 1.7.8, 1.7.7, 1.7.6, 1.7.5, 1.7.4, 1.7.3, 1.7.2, 1.7.1 .1, 1.6.1, 1.9.3.2 |
| Not Vulnerable: | TikiWiki Project TikiWiki 1.9.8.2 |
Discussion
TikiWiki is prone to multiple cross-site scripting and local file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code or view files that may contain sensitive information. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to TikiWiki 1.9.8.2.
Exploit / POC
To exploit the cross-site scripting issues, an attacker must entice an unsuspecting victim into following a malicious URI. For the local file-include vulnerabilities, attackers can use a browser.
The following proof-of-concept URIs are available:
Solution / Fix
Solution:
The vendor released an update to address these issues. Please see the references for more information.
Affected versions (each fixed by upgrading to TikiWiki Project TikiWiki 1.9.8.2):
TikiWiki Project TikiWiki 1.9.3.2
TikiWiki Project TikiWiki 1.6.1
TikiWiki Project TikiWiki 1.7.1 .1
TikiWiki Project TikiWiki 1.7.2
TikiWiki Project TikiWiki 1.7.3
TikiWiki Project TikiWiki 1.7.4
TikiWiki Project TikiWiki 1.7.5
TikiWiki Project TikiWiki 1.7.6
TikiWiki Project TikiWiki 1.7.7
TikiWiki Project TikiWiki 1.7.8
TikiWiki Project TikiWiki 1.7.9
TikiWiki Project TikiWiki 1.8
TikiWiki Project TikiWiki 1.8.1
TikiWiki Project TikiWiki 1.8.2
TikiWiki Project TikiWiki 1.8.3
TikiWiki Project TikiWiki 1.8.4
TikiWiki Project TikiWiki 1.8.5
TikiWiki Project TikiWiki 1.9 -rc3
TikiWiki Project TikiWiki 1.9 -rc3.1
TikiWiki Project TikiWiki 1.9 -rc2
TikiWiki Project TikiWiki 1.9 -rc1
TikiWiki Project TikiWiki 1.9.1
TikiWiki Project TikiWiki 1.9.1 .1
TikiWiki Project TikiWiki 1.9.2
TikiWiki Project TikiWiki 1.9.3 1
TikiWiki Project TikiWiki 1.9.4
TikiWiki Project TikiWiki 1.9.5
TikiWiki Project TikiWiki 1.9.6
TikiWiki Project TikiWiki 1.9.7
TikiWiki Project TikiWiki 1.9.8 1
TikiWiki Project TikiWiki 1.9.8
Fix for all of the above: TikiWiki Project TikiWiki 1.9.8.2
https://sourceforge.net/project/showfiles.php?group_id=64258&package_id=112134&release_id=549549
References
References:
- Sourceforge TikiWiki Site (Thomas Schwartz)
- TikiWiki Homepage (TikiWiki)
- TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion (L4teral)