HTB23170: cross-site scripting (XSS) in WikkaWiki 1.3.4

Viewing 0 reply threads
  • Author
    Posts
    • #8578
      AndyP
      Participant

      Advisory ID: HTB23170
      Product: WikkaWiki
      Vendor: Wikka Development Team
      Vulnerable Versions: 1.3.4 and probably prior
      Tested Version: 1.3.4
      Vendor Notification: August 21, 2013
      Vendor Fix: August 31, 2013
      Public Disclosure: September 11, 2013
      Vulnerability Type: Cross-Site Scripting [CWE-79]
      CVE Reference: CVE-2013-5586
      Risk Level: Medium
      CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
      Solution Status: Fixed by Vendor
      Discovered and Provided: High-Tech Bridge Security Research Lab

      Advisory Details:
      High-Tech Bridge Security Research Lab discovered vulnerability in WikkaWiki, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.

      1) Cross-Site Scripting (XSS) in WikkaWiki: CVE-2013-5586
      The vulnerability exists due to insufficient sanitisation of user-supplied data in “wakka” HTTP GET parameter passed to “/sql/” URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
      The exploitation example below uses JavaScript “alert()” function to display user’s cookies:


      http://[host]/sql/?wakka=sql&wakka=%22onmouseover=%22javascript:alert%28document.cookie%29;%22%3Elin k%3C/a%3E

      Solution:
      Update to Wikka 1.3.4-p1

      More Information:
      http://docs.wikkawiki.org/WhatsNew
      https://wush.net/trac/wikka/ticket/1152

      References:
      [1] High-Tech Bridge Advisory HTB23170 – Cross-Site Scripting (XSS) in WikkaWiki.
      [2] WikkaWiki – http://www.wikkawiki.org – WikkaWiki is a flexible, standards-compliant and lightweight wiki engine written in PHP, which uses MySQL to store pages.
      [3] Common Vulnerabilities and Exposures (CVE) – http://cve.mitre.org/ – international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
      [4] Common Weakness Enumeration (CWE) – http://cwe.mitre.org – targeted to developers and security practitioners, CWE is a formal list of software weakness types.
      [5] ImmuniWeb® – is High-Tech Bridge’s proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

Viewing 0 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?