Tracker Item: Bugs & Wish list

Status closed
Ticket ID 927
Subject tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss
Submitted by auditor
Priority 9 high
Category Bug: Error
Tiki Version 1.9.x, 2.x
Feature Security
Description

there's a critical security bug in tikiwiki version 1.9.5 (CVS) -Sirius-: an anonymous user can dump the mysql user & passwd just by creating a mysql error with the "sort_mode" var, using the following links:

/tiki-listpages.php?offset=0&sort_mode=
/tiki-lastchanges.php?days=1&offset=0&sort_mode=
/messu-archive.php?sort_mode=
/messu-mailbox.php?sort_mode=
/messu-sent.php?sort_mode=
/tiki-directory_add_site.php?sort_mode=
/tiki-directory_ranking.php?sort_mode=
/tiki-directory_search.php?sort_mode=
/tiki-forums.php?sort_mode=
/tiki-view_forum.php?forumId=
/tiki-friends.php?sort_mode=
/tiki-list_blogs.php?sort_mode=
/tiki-list_faqs.php?sort_mode=
/tiki-list_trackers.php?sort_mode=
/tiki-list_users.php?sort_mode=
/tiki-my_tiki.php?sort_mode=
/tiki-notepad_list.php?sort_mode=
/tiki-orphan_pages.php?sort_mode=
/tiki-shoutbox.php?sort_mode=
/tiki-usermenu.php?sort_mode=
/tiki-webmail_contacts.php?sort_mode=

I installed tikiwiki 1.9.5 on 31 October 2006; I tried this on my dedicated server and locally on my computer. A proof of concept is available here: http://cockor.free.fr/PoC.swf There's also an XSS here: /tiki-featured_link.php?type=f&url=" ></iframe>alert('XSS') <!-- Regards, securfrog
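As an added example (not Tiki's own code) of the defensive pattern behind a fix for the report above: a page-listing handler that accepts `sort_mode` only from an allow-list, so an empty or unexpected value can never reach the query and trigger a database error, and that keeps driver error text out of the HTTP response. The table, column names and the `$pdo` connection are assumed.

```php
<?php
// Added example, not Tiki code. Table and column names are hypothetical.

// Only these column/direction pairs are ever spliced into ORDER BY.
const ALLOWED_SORT_MODES = [
    'pageName_asc'   => 'pageName ASC',
    'pageName_desc'  => 'pageName DESC',
    'lastModif_asc'  => 'lastModif ASC',
    'lastModif_desc' => 'lastModif DESC',
];

function orderByClause(?string $sortMode, string $default = 'pageName_asc'): string
{
    // An empty or unknown sort_mode (the case reported above) falls back to
    // the default instead of producing invalid SQL and a database error.
    if ($sortMode === null || !isset(ALLOWED_SORT_MODES[$sortMode])) {
        $sortMode = $default;
    }
    return 'ORDER BY ' . ALLOWED_SORT_MODES[$sortMode];
}

function listPages(PDO $pdo, ?string $sortMode, int $offset, int $max): array
{
    // Integers are bound as parameters; the ORDER BY text comes only from
    // the allow-list, never from the request.
    $sql = 'SELECT pageName, lastModif FROM tiki_pages '
         . orderByClause($sortMode) . ' LIMIT :offset, :max';
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->bindValue(':offset', max(0, $offset), PDO::PARAM_INT);
        $stmt->bindValue(':max', max(1, min($max, 100)), PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log the driver message server-side only. The client receives a
        // generic error, never connection details such as user or password.
        error_log('tiki-listpages query failed: ' . $e->getMessage());
        http_response_code(500);
        exit('An internal error occurred.');
    }
}

// Usage from a request handler (display_errors should also be off in php.ini):
// $rows = listPages($pdo, $_GET['sort_mode'] ?? null, (int)($_GET['offset'] ?? 0), 50);
```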

Solution

- fixed for 1.9 CVS
- xss vulnerability fixed

merge into 1.10 on the way

Resolution status (legacy) Fixed
Assigned To Person Oliver Hertel
Lastmod by auditor
Created Wednesday 01 November, 2006 17:08:05 UTC
LastModif Wednesday 01 November, 2006 17:52:37 UTC
