49 lines
No EOL
1.3 KiB
Text
49 lines
No EOL
1.3 KiB
Text
# Exploit Title: Multiple Stored XSS Vulnerabilities in Wiki Web Help.
|
|
# Date: 23/08/2012
|
|
# Exploit Author: Shai rod (@NightRang3r)
|
|
# Vendor Homepage: http://wikiwebhelp.org
|
|
# Software Link: http://sourceforge.net/projects/wwh/files/wwh-0.3.9.7z/download
|
|
# Version: 0.3.9
|
|
|
|
#Gr33Tz: @aviadgolan , @benhayak, @nirgoldshlager, @roni_bachar
|
|
|
|
|
|
About the Application:
|
|
======================
|
|
|
|
AJAX based wiki designed to operate like a desktop help viewer(chm).
|
|
|
|
|
|
Vulnerability Description
|
|
=========================
|
|
|
|
1. Stored XSS in Edit Tags.
|
|
|
|
Steps to reproduce the issue:
|
|
|
|
1.1. Click "Edit Tags"
|
|
1.2. In the "Tags" field insert the Javascript payload: <img src='1.jpg'onerror=javascript:alert("XSS")>
|
|
1.3. Click the "Update" button.
|
|
|
|
|
|
2. Stored XSS in Node Name.
|
|
|
|
Steps to reproduce the issue:
|
|
|
|
2.1. Right click on an object in the Contents tree on the left side of the page.
|
|
2.2. In the "Node Option" window select "Add".
|
|
2.3. In the "New Page Name" field insert the Javascript payload: <img src='1.jpg'onerror=javascript:alert("XSS")>
|
|
|
|
* Both XSS will be triggered on all users visiting the Wiki.
|
|
|
|
|
|
3. Stored XSS in Page Body (href).
|
|
|
|
Steps to reproduce the issue:
|
|
|
|
3.1. Choose a Page.
|
|
3.2. Click "Edit".
|
|
3.2. In the Page editor insert: [javascript:alert(/XSS/),Click Me]
|
|
3.3. Click the "Save" button.
|
|
|
|
XSS Will be triggerd once the user clicks on the link. |