[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability
Kil13r - http://www.kil13r.info/
Local / Remote:
2006/06/28 - Discovery
2006/06/28 - Vendor notification
2006/06/30 - Vendor notification
2006/07/01 - Release
2006/07/03 - Update
Affected version:
MoniWiki 1.1.1 or earlier
Not affected version:
MoniWiki 1.1.2-20060702 or after
MoniWiki is wiki software that contains a cross-site scripting (XSS) vulnerability.
In 2004, STG Security discovered an XSS vulnerability in MoniWiki and reported it.
As a result, that XSS vulnerability was patched.
However, the patch can be bypassed.
Proof of Concept code:
Proof of Concept example:
Proof of Concept screenshot:
The Bird of Hermes is my name,
Eating my wings to make me tame.