[SA11344] TikiWiki Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Apr 12 2004 - 13:10:41 CDT
TITLE:
TikiWiki Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA11344
VERIFY ADVISORY:
http://secunia.com/advisories/11344/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information, System access
WHERE:
From remote
SOFTWARE:
TikiWiki 1.x
DESCRIPTION:
JeiAr has discovered multiple vulnerabilities in TikiWiki, allowing
malicious people to conduct Cross Site Scripting, SQL injection and
script insertion attacks, and to compromise a vulnerable system.
1) Path information can be disclosed by supplying invalid input or
requesting certain scripts directly.
2) Input to multiple scripts isn't properly verified before it is
returned to the user. This can be exploited to execute arbitrary HTML
or script code in a user's browser session in context of an affected
site by tricking the user into visiting a malicious website or
following a specially crafted link.
3) Input passed to multiple scripts isn't properly sanitised before
it is used in SQL queries. This allows manipulation of SQL queries by
injecting arbitrary SQL code.
4) Certain parameters in various functionality allow URLs and scripts
to be inserted. These can contain references to administrative
functions, which will be executed when an administrative user views a
profile or page with malicious links.
5) An input validation error can be exploited to access directories
outside the web root via the "../" directory traversal character
sequence.
6) It is possible to upload arbitrary files to the "/img/wiki_up/"
folder. This can be exploited to place arbitrary code on the system.
This has been reported to affect version 1.8 and prior.
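Items 5 and 6 describe request input that should never reach a filesystem path or land in the upload folder. As an added defender-side example (not part of the Secunia or GulfTech advisories, and not TikiWiki code), the following Python scans Apache access-log lines for the two telltales: a "../" sequence that survives percent-decoding anywhere in the request, and a request for a non-image file under "/img/wiki_up/". The log lines and the script name tiki-example.php are constructed placeholders, not real TikiWiki traffic or a script named in the advisory.

```python
import os
import re
from urllib.parse import unquote

# Apache "combined" access-log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')         # the "../" sequence from item 5
UPLOAD_DIR = "/img/wiki_up/"                    # the upload folder from item 6
IMAGE_EXTS = {".png", ".gif", ".jpg", ".jpeg"}  # what that folder is meant to hold

# Constructed sample lines (placeholder hosts, script and file names).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2004:13:10:41 -0500] "GET /tiki-index.php?page=HomePage HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
10.0.0.9 - - [12/Apr/2004:13:11:02 -0500] "GET /tiki-example.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432 "-" "curl/7.10"
10.0.0.9 - - [12/Apr/2004:13:11:30 -0500] "GET /img/wiki_up/note.php HTTP/1.1" 200 88 "-" "curl/7.10"
10.0.0.7 - - [12/Apr/2004:13:12:00 -0500] "GET /img/wiki_up/diagram.png HTTP/1.1" 200 20480 "-" "Mozilla/4.0"
"""

def decode_fully(s, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and double-encoded forms are seen."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_fully(m.group("target"))
    path, _, query = target.partition("?")
    findings = []
    if TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query):
        findings.append("traversal")
    if path.startswith(UPLOAD_DIR) and os.path.splitext(path)[1].lower() not in IMAGE_EXTS:
        findings.append("non-image-in-wiki_up")
    if not findings:
        return None
    return {"ip": m.group("ip"), "status": int(m.group("status")),
            "target": target, "findings": findings}

def scan(log_text):
    """Classify every line of an access log and keep only the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged line is the one to triage first: it means the traversal read or the executable under wiki_up actually served content.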
SOLUTION:
This has been fixed in TikiWiki 1.8.2 (Polaris).
PROVIDED AND/OR DISCOVERED BY:
JeiAr of the GulfTech Security Research Team
ORIGINAL ADVISORY:
http://www.gulftech.org/04112004.php
http://tikiwiki.org/tiki-read_article.php?articleId=66
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------