Multiple Stored XSS Vulnerabilities in Wiki Web Help

vendor:

Wiki Web Help

by:

Shai rod

9,3

CVSS

HIGH

Stored XSS

CWE

Product Name: Wiki Web Help

Affected Version From: 0.3.9

Affected Version To: 0.3.9

Patch Exists: YES

Related CWE: N/A

CPE: a:wikiwebhelp:wiki_web_help

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Multiple Stored XSS Vulnerabilities in Wiki Web Help

AJAX based wiki designed to operate like a desktop help viewer(chm) is vulnerable to multiple stored XSS vulnerabilities. The first XSS can be triggered by inserting a Javascript payload in the 'Tags' field when editing tags. The second XSS can be triggered by inserting a Javascript payload in the 'New Page Name' field when adding a new page. The third XSS can be triggered by inserting a Javascript payload in the Page editor when editing a page. All XSS will be triggered on all users visiting the Wiki.

Mitigation:

Upgrade to the latest version of Wiki Web Help.

Source

Exploit-DB raw data:

# Exploit Title: Multiple Stored XSS Vulnerabilities in Wiki Web Help.
# Date: 23/08/2012
# Exploit Author: Shai rod (@NightRang3r)
# Vendor Homepage: http://wikiwebhelp.org
# Software Link: http://sourceforge.net/projects/wwh/files/wwh-0.3.9.7z/download
# Version: 0.3.9

#Gr33Tz: @aviadgolan , @benhayak, @nirgoldshlager, @roni_bachar


About the Application:
======================

AJAX based wiki designed to operate like a desktop help viewer(chm).


Vulnerability Description
=========================

1. Stored XSS in Edit Tags.

Steps to reproduce the issue:

1.1. Click "Edit Tags"
1.2. In the "Tags" field insert the Javascript payload: <img src='1.jpg'onerror=javascript:alert("XSS")>
1.3. Click the "Update" button. 


2. Stored XSS in Node Name.

Steps to reproduce the issue:

2.1. Right click on an object in the Contents tree on the left side of the page.
2.2. In the "Node Option" window select "Add".
2.3. In the "New Page Name" field insert the Javascript payload: <img src='1.jpg'onerror=javascript:alert("XSS")>

* Both XSS will be triggered on all users visiting the Wiki.


3. Stored XSS in Page Body (href).

Steps to reproduce the issue:

3.1. Choose a Page.
3.2. Click "Edit".
3.2. In the Page editor insert: [javascript:alert(/XSS/),Click Me] 
3.3. Click the "Save" button.

XSS Will be triggerd once the user clicks on the link.