what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

JAMWiki 1.1.4 Cross Site Scripting

JAMWiki 1.1.4 Cross Site Scripting
Posted Mar 30, 2012
Authored by Sooraj K.S | Site secpod.com

JAMWiki version 1.1.4 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a434a12f95e083d4e37bd69a090f4a82a49d407c4756262d732f4e0e3f3a399

JAMWiki 1.1.4 Cross Site Scripting

Change Mirror Download
##############################################################################
#
# Title : JAMWiki 'num' Parameter Cross Site Scripting Vulnerability
# Author : Sooraj K.S SecPod Technologies (www.secpod.com)
# Vendor : http://jamwiki.org/wiki/en/JAMWiki
# Advisory : http://secpod.org/blog/?p=493
# http://secpod.org/advisories/SecPod_JamWiki_XSS_Vuln.txt
# Software : JAMWiki 1.1.4
# Date : 30/03/2012
#
###############################################################################

SecPod ID: 1036 13/12/2011 Issue Discovered
21/02/2012 Vendor Notified
21/02/2012 Vendor Acknowledge
13/03/2012 Issue Resolved

Class: Cross-Site Scripting Severity: Medium


Overview:
---------
JAMWiki is prone to cross-site scripting vulnerability.


Technical Description:
----------------------
JAMWiki: Java-based Wiki engine is prone to a cross-site scripting
vulnerability because it fails to properly sanitize user-supplied input.

Input passed via the 'num' parameter in Special:AllPages is not properly
verified before it is returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the context of
a vulnerable site. This may allow the attacker to steal cookie-based
authentication credentials and to launch other attacks.

The vulnerability has been tested in JAMWiki 1.1.3 and 1.14. Other versions may
also be affected.


Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
JAMWiki 1.1.4 and prior.


Reference:
---------
http://secpod.org/blog/?p=493
http://jamwiki.org/wiki/en/JAMWiki
http://jira.jamwiki.org/browse/JAMWIKI-76
http://secpod.org/advisories/SecPod_JamWiki_XSS_Vuln.txt


Proof of Concept:
-----------------
http://www.example.com/jamwiki/en/Special:AllPages?num="<script>alert(document.cookie)</script>


Solution:
----------
Upgrade to JAMWiki 1.1.6


Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = NOT_REQUIRED
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = OFFICIAL_FIX
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
Risk factor = Medium


Credits:
--------
Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.

Login or Register to add favorites

File Archive:

October 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    0 Files
  • 2
    Oct 2nd
    22 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close