JAMWiki 1.1.4 Cross Site Scripting

2012.04.01
Credit: Sooraj K.S SecPod Technologies
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Title : JAMWiki 'num' Parameter Cross Site Scripting Vulnerability # Author : Sooraj K.S SecPod Technologies (www.secpod.com) # Vendor : http://jamwiki.org/wiki/en/JAMWiki # Advisory : http://secpod.org/blog/?p=493 # http://secpod.org/advisories/SecPod_JamWiki_XSS_Vuln.txt # Software : JAMWiki 1.1.4 # Date : 30/03/2012 SecPod ID: 1036 13/12/2011 Issue Discovered 21/02/2012 Vendor Notified 21/02/2012 Vendor Acknowledge 13/03/2012 Issue Resolved Class: Cross-Site Scripting Severity: Medium Overview: --------- JAMWiki is prone to cross-site scripting vulnerability. Technical Description: ---------------------- JAMWiki: Java-based Wiki engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Input passed via the 'num' parameter in Special:AllPages is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability has been tested in JAMWiki 1.1.3 and 1.14. Other versions may also be affected. Impact: -------- Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. Affected Software: ------------------ JAMWiki 1.1.4 and prior. Reference: --------- http://secpod.org/blog/?p=493 http://jamwiki.org/wiki/en/JAMWiki http://jira.jamwiki.org/browse/JAMWIKI-76 http://secpod.org/advisories/SecPod_JamWiki_XSS_Vuln.txt Proof of Concept: ----------------- http://www.example.com/jamwiki/en/Special:AllPages?num="<script>alert(document.cookie)</script> Solution: ---------- Upgrade to JAMWiki 1.1.6 Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NOT_REQUIRED CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = OFFICIAL_FIX REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) Risk factor = Medium Credits: -------- Sooraj K.S of SecPod Technologies has been credited with the discovery of this vulnerability.

References:

http://secpod.org/blog/?p=493
http://jamwiki.org/wiki/en/JAMWiki
http://jira.jamwiki.org/browse/JAMWIKI-76
http://secpod.org/advisories/SecPod_JamWiki_XSS_Vuln.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top