BID:52079

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

Info

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

Bugtraq ID:	52079
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 18 2012 12:00AM
Updated:	Feb 18 2012 12:00AM
Credit:	Sony
Vulnerable:	Tiki Wiki CMS Groupware Tiki Wiki CMS Groupware 0

Not Vulnerable:

Discussion

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

Tiki Wiki CMS Groupware is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible.

Exploit / POC

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/tiki-featured_link.php?type=f&url=http://www.example2.com

Solution / Fix

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any recent information, please mail us at: [email protected].

References

Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Vulnerability

References:

Tiki Wiki CMS Groupware Homepage (Tiki Wiki CMS Groupware)