Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMoritz-naumann.comPACKETSTORM:41440
HistoryNov 10, 2005 - 12:00 a.m.

0003.txt

2005-11-1000:00:00
moritz-naumann.com
packetstormsecurity.com
38

0.012 Low

EPSS

Percentile

85.0%

JSON
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
  
  
SA0003  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+++++ Multiple security issues in TikiWiki 1.9.x +++++  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
PUBLISHED ON  
Nov 09, 2005  
  
  
PUBLISHED AT  
http://moritz-naumann.com/adv/0003/tikiw/0003.txt  
http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig  
  
  
PUBLISHED BY  
Moritz Naumann IT Consulting & Services  
Hamburg, Germany  
http://moritz-naumann.com/  
  
info AT moritz HYPHON naumann D0T com  
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc  
  
  
AFFECTED APPLICATION OR SERVICE  
TikiWiki  
http://tikiwiki.org/  
  
  
AFFECTED VERSION  
1.9.x up to and including 1.9.2  
Possibly versions < 1.9 (untested)  
  
  
BACKGROUND  
"Tikiwiki is a full featured Free Software (GNU/LGPL)  
Wiki/CMS/Groupware written in PHP and maintained by an  
active and international community of benevolent  
contributors."  
  
  
ISSUE 1 (XSS)  
A XSS vulnerability has been detected in the fora code  
of TikiWiki. The problem is caused by insufficient input  
sanitation.  
  
The following partial URL demonstrates the issue:  
  
[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_offset=10%22%20onmouseover='javascript:alert(document.title)%3B'%3E[PLEASE%20MOVE%20YOUR%20MOUSE%20POINTER%20HERE!]%20%3Cx%20y=%22  
  
Please move your mouse pointer over the input field  
which says so.  
  
  
ISSUE 2 (Information Disclosure, possible SQL injection)  
  
The application discloses the installation path. This  
*may* also be useable to craft an SQL injection.  
  
The following partial URL demonstrates the issue:  
  
[baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_sort_mode=FOOBAH  
  
  
WORKAROUND  
Issue 1: Disable Javascript (client) or deny access to  
TikiWiki (server).  
Issue 2: Set PHP to log errors to file only (issue 2).  
  
  
SOLUTIONS  
We are not aware of a maintainer provided fix.  
  
  
TIMELINE  
Oct 6, 2005: Maintainer informed  
Oct 6, 2005: First maintainer reply  
Oct 14, 2005: Request for additional information sent  
to maintainer  
[in between]: issues fixed on maintainer website  
Nov 09, 2005: Public disclosure  
  
  
REFERENCES  
Issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3528  
Issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3529  
  
  
ADDITIONAL CREDIT  
N/A  
  
  
LICENSE  
Creative Commons Attribution-ShareAlike License Germany  
http://creativecommons.org/licenses/by-sa/2.0/de/  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.1 (GNU/Linux)  
  
iD8DBQFDcigMn6GkvSd/BgwRAnfxAJ93CwGPU6+bGrYrYSX4AoXcWmOerACfecUN  
b/XTfSxhrOl9eRV4GVBBINI=  
=DMEp  
-----END PGP SIGNATURE-----  
`

Related

securityvulns 1
cve 2
nvd 2
cvelist 2
securityvulns
securityvulns
Multiple security issues in TikiWiki 1.9.x
2005-11-10 00:00:00
cve
cve
CVE-2005-3528
2005-11-20 22:03:00
CVE-2005-3529
2005-11-20 22:03:00
nvd
nvd
CVE-2005-3528
2005-11-20 22:03:00
CVE-2005-3529
2005-11-20 22:03:00
cvelist
cvelist
CVE-2005-3529
2005-11-20 22:00:00
CVE-2005-3528
2005-11-20 22:00:00

0.012 Low

EPSS

Percentile

85.0%

JSON
Related for PACKETSTORM:41440
securityvulns1cve2nvd2cvelist2