Note: This page is to document "what Tiki should do". For feature documentation (what Tiki does), please see the corresponding page on the doc site.

Bugs & Wish list

Status closed
Ticket ID 927
Subject tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss
Submitted by auditor
Category Bug: Error
Version 1.9.x
2.x
Feature Security
Description

There's a critical security bug in tikiwiki version 1.9.5 (CVS) -Sirius-.
An anonymous user can dump the mysql user & passwd just by creating a mysql error with the "sort_mode" var, with the following links:
/tiki-listpages.php?offset=0&sort_mode=
/tiki-lastchanges.php?days=1&offset=0&sort_mode=
/messu-archive.php?sort_mode=
/messu-mailbox.php?sort_mode=
/messu-sent.php?sort_mode=
/tiki-directory_add_site.php?sort_mode=
/tiki-directory_ranking.php?sort_mode=
/tiki-directory_search.php?sort_mode=
/tiki-forums.php?sort_mode=
/tiki-view_forum.php?forumId=
/tiki-friends.php?sort_mode=
/tiki-list_blogs.php?sort_mode=
/tiki-list_faqs.php?sort_mode=
/tiki-list_trackers.php?sort_mode=
/tiki-list_users.php?sort_mode=
/tiki-my_tiki.php?sort_mode=
/tiki-notepad_list.php?sort_mode=
/tiki-orphan_pages.php?sort_mode=
/tiki-shoutbox.php?sort_mode=
/tiki-usermenu.php?sort_mode=
/tiki-webmail_contacts.php?sort_mode=

I installed tikiwiki 1.9.5 on 31 October 2006; I tried this on my dedicated server and locally on my computer.
A proof of concept is available here: http://cockor.free.fr/PoC.swf
There's also an XSS here: /tiki-featured_link.php?type=f&url=" ></iframe>alert('XSS') <!-- Regards, securfrog

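Two defensive patterns for the defects reported above, as an added example in modern PHP; this is not Tiki 1.9.5's code nor the fix ohertel committed, and the table, column and function names are assumed (as is a PDO handle set to throw on errors). sort_mode is mapped through an allowlist instead of being placed into ORDER BY, database errors are logged rather than shown to the client, and the featured-link url is encoded for the attribute it is written into.

```php
<?php
// Added example, not Tiki's own code; table, column and function names are assumed.

// Allowed sort modes for a page listing, in the "column_direction" form
// that Tiki's sort_mode parameter uses.
const ALLOWED_SORT_MODES = [
    'pageName_asc', 'pageName_desc',
    'lastModif_asc', 'lastModif_desc',
    'hits_asc', 'hits_desc',
];

// Map a user-supplied sort_mode to an ORDER BY clause. Nothing from the
// request reaches the SQL string: the clause is built from the allowlisted
// entry, so an empty or malformed value (as in the report) can neither
// change the query nor trigger a database error.
function orderByClause(?string $sortMode, string $default = 'pageName_asc'): string
{
    if ($sortMode === null || !in_array($sortMode, ALLOWED_SORT_MODES, true)) {
        $sortMode = $default;
    }
    [$column, $direction] = explode('_', $sortMode, 2);
    return sprintf('ORDER BY `%s` %s', $column, strtoupper($direction));
}

function listPages(PDO $db, ?string $sortMode): array
{
    $sql = 'SELECT pageName FROM tiki_pages ' . orderByClause($sortMode);
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // Keep the detail server-side. Sending the raw database error (or the
        // connection settings) to the browser is the disclosure in the ticket.
        error_log('listPages failed: ' . $e->getMessage());
        throw new RuntimeException('Could not list pages.');
    }
}

// The featured-link XSS: the url value is written into an attribute, so it
// must be encoded for that context and limited to http(s) schemes.
function featuredLinkHtml(string $url): string
{
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'about:blank';
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<iframe src="' . $safe . '"></iframe>';
}

echo orderByClause($_GET['sort_mode'] ?? null), "\n";
echo featuredLinkHtml($_GET['url'] ?? ''), "\n";
```
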
Importance 9 high
Volunteered to solve ohertel
Solution

- fixed for 1.9 CVS
- xss vulnerability fixed

Merge into 1.10 is on the way.

Resolution status Fixed
Lastmod by auditor
WishList Team - TODO - Confirm Bug on Trunk No
WishList Team - TODO - Find on 9x No
WishList Team - TODO - Find Culprit No
Created Wednesday 01 November, 2006 18:08:05 CET
LastModif Wednesday 01 November, 2006 18:52:37 CET