CLiki Cross Site Scripting

2012.02.09

Credit: Sony

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: CLiki Cross Site Scripting
# Date: 8.02.2012
# Author: Sony
# Software Link: http://www.cliki.net
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/cliki-cross-site-scripting.html
..................................................................

http://en.wikipedia.org/wiki/CLiki

Simple persistent xss.

Create New Page and put xss code and save this.

And you can see xss on the page.

Also we can see our xss on the "Recent Changes" Page.

http://www.cliki.net/Recent%20Changes

http://2.bp.blogspot.com/-bVPzmm6YAlY/TzKyybsoNMI/AAAAAAAAAcc/9GXowU-nf8w/s1600/12.JPG

..................................................................

InSecurity.Ro

Because we care, we're security aware!

References:

http://www.cliki.net

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

CLiki Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

CLiki Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.