AOH :: HP Unsorted P :: BT-30109.HTM

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481



pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
pmwiki: persistent cross site scripting (XSS), CVE-2010-1481



--nextPart1470578.X2KvzjoVCA
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481 
http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html 

Description

The table feature of pmwiki is vulnerable to persistent cross site scripting 
(XSS). The value of the width-parameter is not proberly escaped on output, so 
one can put quotes in it. This makes it possible to use a JavaScript event 
handler inside the first table field to inject code.

Example:

||width="
|| " onMouseOver=alert(1) " ||test||

The vendor has been contacted, but has not replied to my report.

Disclosure Timeline

2010-04-19: Vendor contacted
2010-05-07: Published advisory

Credits

This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of 
schokokeks.org webhosting.

=2D- 
Hanno B=C3=B6ck		Blog:		http://www.hboeck.de/ 
GPG: 3DBD3B20		Jabber/Mail:	hanno@hboeck.de 

http://schokokeks.org - professional webhosting 

--nextPart1470578.X2KvzjoVCA
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)

iEYEABECAAYFAkvkB9EACgkQr2QksT29OyA8igCeMRQbreY7IrVSspYOXS782fOO
xWAAnAq0Udv0KRQgHnCfRrMII3jkq4+i
=FtQe
-----END PGP SIGNATURE-----

--nextPart1470578.X2KvzjoVCA--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.