
Status closed
Ticket ID 927
Subject tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss
Submitted by auditor
Category Bug: Error
Version 1.9.x
Feature Security

There's a critical security bug in tikiwiki version 1.9.5 (CVS) -Sirius-.
An anonymous user can dump the MySQL user & password just by creating a MySQL error with the "sort_mode" var, with the following links:

I installed tikiwiki 1.9.5 on 31 October 2006; I tried this on my dedicated server and locally on my computer.
A proof of concept is available here: http://cockor.free.fr/PoC.swf
There's also an XSS here: /tiki-featured_link.php?type=f&url=" ></iframe>alert('XSS') <!-- regards, securfrog

Importance 9 high
Volunteered to solve ohertel

- fixed for 1.9 CVS
- xss vulnerability fixed

merge into 1.10 on the way
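The two issue classes in this ticket (a database error reached through the sort_mode parameter that leaks connection details, and a reflected XSS through the url parameter of tiki-featured_link.php) are addressed by the same small set of controls. The following is an added example written for this page, not Tiki's own fix or code: the script layout, the items table and its columns, and the in-memory SQLite setup are assumptions. It shows three things: mapping sort_mode onto a fixed allowlist of ORDER BY clauses instead of interpolating it, logging database errors server-side and returning a generic message, and validating and encoding the url value before it is placed in an iframe attribute.

```php
<?php
// Added example (not Tiki's code). Hypothetical listing + featured-link handler
// hardened against the two classes of bug in ticket 927.

// 1. sort_mode: the request value is only ever a key into this table; the
//    ORDER BY text that reaches the query is one of these literal strings.
const ALLOWED_SORT_MODES = [
    'title_asc'    => 'title ASC',
    'title_desc'   => 'title DESC',
    'created_asc'  => 'created ASC',
    'created_desc' => 'created DESC',
];

function resolve_sort_mode(?string $requested, string $default = 'created_desc'): string
{
    if ($requested !== null && array_key_exists($requested, ALLOWED_SORT_MODES)) {
        return ALLOWED_SORT_MODES[$requested];
    }
    // Unknown or malformed value: fall back silently rather than erroring out.
    return ALLOWED_SORT_MODES[$default];
}

function build_listing_query(string $orderBy): string
{
    // $orderBy comes from ALLOWED_SORT_MODES, never from the request.
    return "SELECT id, title, created FROM items ORDER BY $orderBy";
}

// 2. Database errors: a raw driver message can include the DSN, the user name
//    or schema details, so it is logged and never echoed to the client.
function run_listing(PDO $db, string $sql): array
{
    try {
        $stmt = $db->query($sql);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('listing query failed: ' . $e->getMessage());
        http_response_code(500);
        exit('An internal error occurred.');
    }
}

// 3. url parameter: accept only absolute http(s) URLs and HTML-encode the
//    value before it lands inside a double-quoted src attribute, so a quote
//    or angle bracket in the input cannot close the attribute or the tag.
function safe_frame_src(?string $url): ?string
{
    if ($url === null || $url === '') {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_featured_link(?string $url): string
{
    $src = safe_frame_src($url);
    if ($src === null) {
        return '<p>Invalid link.</p>';
    }
    return '<iframe src="' . $src . '"></iframe>';
}

// --- demonstration with a constructed in-memory database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, created TEXT)');
$db->exec("INSERT INTO items (title, created) VALUES ('b', '2006-11-01'), ('a', '2006-10-31')");

// A hostile sort_mode value is simply ignored and the default ordering applies.
$orderBy = resolve_sort_mode($_GET['sort_mode'] ?? "created' OR 1=1");
foreach (run_listing($db, build_listing_query($orderBy)) as $row) {
    echo $row['id'], ' ', $row['title'], ' ', $row['created'], "\n";
}

// The payload shape from the ticket is neutralised by the encoding step.
echo render_featured_link($_GET['url'] ?? 'http://example.com/"><script>alert(1)</script>'), "\n";
```

The allowlist is the important part for the first issue: once sort_mode can only select a predefined clause, there is no way for a request to provoke a syntax error in ORDER BY, and the generic error handler covers whatever database failures remain. For the second, validation of the scheme keeps javascript: and data: URLs out of the frame, and htmlspecialchars with ENT_QUOTES handles the attribute context the original parameter was echoed into.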

Resolution status Fixed
Lastmod by auditor
WishList Team - TODO - Confirm Bug on Trunk No
WishList Team - TODO - Find on 9x No
WishList Team - TODO - Find Culprit No
Created Wednesday 01 November, 2006 18:08:05 CET
LastModif Wednesday 01 November, 2006 18:52:37 CET
