# Exploit Title: TWiki Cross Site Scripting
# Date: 31.01.2012
# Author: Sony
# Software Link: http://www.twiki.org
# Google Dorks: intext:powered by twiki
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html
..................................................................

Persistent (stored) XSS in TWiki. After registering an account, edit your user profile, put the XSS payload in the "Organization" field and save. The stored value is written back into the profile page without output encoding, so the script runs in the browser of anyone who views that page.

Demo:
http://twiki.org/cgi-bin/view/Main/SonyStyleas
http://www.thesecurityweb.co.uk/twiki/bin/view.pl/Security/SonyStyles
http://3.bp.blogspot.com/-ZnD0YOHG5ck/Tyb3lngkGyI/AAAAAAAAAWk/7VN-WRtMKOE/s1600/twik1.JPG
http://wiki.clamav.net/bin/view/Main/SonyStyles
http://1.bp.blogspot.com/-zy_8abwPxvY/Tyb4DHZE18I/AAAAAAAAAWw/8TkIiIx7MMo/s1600/twiki2.JPG

And there are a lot of web sites running TWiki:
http://www.nevis.columbia.edu/twiki/bin/view/
http://me317.stanford.edu/twiki/bin/view
http://doc.runbox.com/twiki/bin/view
http://www.program-transformation.org/TWiki/WebIndex
http://support.ntp.org/bin/view/Support/
etc. You can find more in Google.
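The check a tester or administrator actually wants here is whether the "Organization" value comes back in the rendered profile page raw or entity-encoded. The script below is an added example written for this page, not code from the advisory or from TWiki: it saves a harmless, distinctive probe (no working script) and classifies how it is reflected. The profile-page markup it builds is a constructed approximation of a profile table, not TWiki's real template, and the `render_organization_row` helper exists only so the check can run offline; against a real instance you would fetch the profile page with an authenticated HTTP client instead and feed the HTML to `classify_reflection`.

```python
import html

# Harmless, distinctive probe: contains the characters an HTML encoder must
# neutralise (quotes, <, >) but no executable script. Constructed for this
# example; it is not the advisory's payload.
PROBE = '"><img src=x onerror=xsscheck123>'


def render_organization_row(value: str, escape_output: bool) -> str:
    """Hypothetical profile-page fragment showing the Organization field.

    escape_output=False mirrors the behaviour the advisory describes (the
    stored value is interpolated into the page as-is); escape_output=True is
    the hardened form. The markup is a constructed approximation, not TWiki's.
    """
    shown = html.escape(value, quote=True) if escape_output else value
    return (
        '<table class="profile">\n'
        "<tr><th>Organization:</th><td>" + shown + "</td></tr>\n"
        "</table>"
    )


def classify_reflection(page_html: str, probe: str = PROBE) -> str:
    """Classify how a stored field value comes back in the rendered page.

    'unescaped' - probe is present verbatim, so a browser would parse it as
                  markup: the field is a stored-XSS sink
    'escaped'   - only the entity-encoded form is present: output is encoded
    'absent'    - the probe is not in the page at all (save failed, field not
                  displayed, or the value was stripped on input)
    """
    if probe in page_html:
        return "unescaped"
    # Some encoders leave quotes alone and only encode <, > and &, so accept
    # either encoding as "escaped".
    for quote in (True, False):
        if html.escape(probe, quote=quote) in page_html:
            return "escaped"
    return "absent"


if __name__ == "__main__":
    vulnerable_page = render_organization_row(PROBE, escape_output=False)
    hardened_page = render_organization_row(PROBE, escape_output=True)
    print("raw interpolation:   ", classify_reflection(vulnerable_page))
    print("encoded output:      ", classify_reflection(hardened_page))
    print("field not displayed: ", classify_reflection("<p>no profile</p>"))
```

The probe deliberately opens with `">` so that it also catches the case where the value is placed inside an attribute rather than between tags: an encoder that handles `<` and `>` but not quotes would still let the attribute be broken out of, and the verbatim-match branch reports that as unescaped.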