TWiki suffers from a cross site scripting vulnerability.
20fa13f95c0cbab3ce12b40327deb0594b221c8360e43b8dd5b2b43d7b2db51d
# Exploit Title: TWiki Cross Site Scripting
# Date: 31.01.2012
# Author: Sony
# Software Link: http://www.twiki.org
# Google Dorks: intext:powered by twiki
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html
..................................................................
Persistent xss in the TWiki.
After registration we edit in our profile and in the field "organization"
put our xss code and save this.
Demo:
http://twiki.org/cgi-bin/view/Main/SonyStyleas
http://www.thesecurityweb.co.uk/twiki/bin/view.pl/Security/SonyStyles
http://3.bp.blogspot.com/-ZnD0YOHG5ck/Tyb3lngkGyI/AAAAAAAAAWk/7VN-WRtMKOE/s1600/twik1.JPG
http://wiki.clamav.net/bin/view/Main/SonyStyles
http://1.bp.blogspot.com/-zy_8abwPxvY/Tyb4DHZE18I/AAAAAAAAAWw/8TkIiIx7MMo/s1600/twiki2.JPG
And we have a lot of web sites with twiki..
http://www.nevis.columbia.edu/twiki/bin/view/
http://me317.stanford.edu/twiki/bin/view
http://doc.runbox.com/twiki/bin/view
http://www.program-transformation.org/TWiki/WebIndex
http://support.ntp.org/bin/view/Support/
etc..you can see in google..