2015-03-24 06:51:44 +01:00

Respected Sir,

Your website "webconverger.org" is vulnerable to XSS Attack.

Vulnerable Links:

webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1

How To Reproduce The Vulnerability:

1. Go to this link: webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1

2. Refresh the page and intercept the HTTP request using "Burp Suite", then at parameter "openid_identifier=" put XSS payload.

3. Forward the request.

XSS Payload:

1. `"></script><script>prompt(909043)</script>`

2. `"></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>`

3. `"></script><script>prompt(document.cookie)</script>`

NOTE: Proof of concept is attached.

Thank You...!!

Yours faithfully,

Raghav Bisht

raghav007bisht@gmail.com
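
As an added illustration that is not ikiwiki's own (Perl) code: a simplified Python model of the reflection the report describes, showing the verbatim rendering beside an HTML-escaped one that closes this class of bug, plus a log check that flags markup characters in the `openid_identifier` parameter. The form template, request URL and access-log line are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed values modelled on the report (a simplified model, not ikiwiki's
# own Perl code): the first payload quoted above, and the request that carries it.
PAYLOAD = '"></script><script>prompt(909043)</script>'
REPORTED_URL = ("http://webconverger.org/ikiwiki.cgi?action=verify&do=signin"
                "&openid_identifier=" + quote(PAYLOAD, safe=""))
# The sign-in form echoes the submitted identifier back into this attribute.
FORM_TEMPLATE = '<input type="text" name="openid_identifier" value="{value}">'


def openid_identifier(url: str) -> str:
    """Return the URL-decoded openid_identifier parameter of a request URL."""
    return parse_qs(urlsplit(url).query).get("openid_identifier", [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflect the parameter verbatim: the payload's leading quote closes the
    value attribute and the rest of it becomes live markup (the reported bug)."""
    return FORM_TEMPLATE.format(value=openid_identifier(url))


def render_fixed(url: str) -> str:
    """Reflect it HTML-escaped (quote=True also covers the double quote), so
    the value can never leave the attribute it was placed in."""
    return FORM_TEMPLATE.format(value=html.escape(openid_identifier(url), quote=True))


def contains_script_tag(rendered: str) -> bool:
    """Crude check on the rendered page: is a literal <script element present?"""
    return "<script" in rendered.lower()


# Detection side: a constructed access-log line (common log format) for the
# same request, and a check that flags markup characters in the parameter.
SAMPLE_LOG_LINE = ('203.0.113.5 - - [24/Mar/2015:06:51:44 +0100] "GET '
                   + REPORTED_URL[len("http://webconverger.org"):] + ' HTTP/1.1" 200 1234')
_REQUEST_TARGET = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_openid_request(log_line: str) -> bool:
    """True if the logged request's openid_identifier, once decoded, carries
    characters that belong in markup rather than in an identifier URL."""
    match = _REQUEST_TARGET.search(log_line)
    if not match:
        return False
    return any(ch in openid_identifier(match.group(1)) for ch in '<>"\'')
```

The escaped rendering keeps the whole submitted string inside the attribute, so the same input that injects a script element into the vulnerable page is displayed harmlessly in the fixed one.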

2015-03-27 17:17:39 +01:00

> Thanks Raghav for reporting this issue. I've fixed it in ikiwiki.
>
> --[[Joey]]
2015-03-30 13:02:01 +02:00

>> [[Fix released|done]] as [[news/version_3.20150329]].
>>
>> Please try to report security vulnerabilities in private first,
>> to give maintainers a chance to fix them without making it easier
>> for attackers to exploit the newly discovered vulnerability
>> until the maintainer can respond ("[[!wikipedia responsible disclosure]]").
>> In this particular case, I was away from my computer for a few days
>> and was unable to make a release until I got back. --[[smcv]]
2015-04-14 15:27:33 +02:00

> Are versions `3.20120629` or `3.20130904.1~bpo70+1` vulnerable? (`wheezy` and
> `wheezy-backports`, respectively) — [[Jon]]
2015-04-14 19:33:32 +02:00

>> 3.20120629 is vulnerable; fixed in 3.20120629.2, which is in the proposed-updates
>> queue (the security team declined to issue a DSA). The blogspam plugin doesn't
>> work in wheezy either; again, a fix is in the proposed-updates queue.
>>
>> 3.20130904.1~bpo70+1 is almost certainly vulnerable, it looks as though someone
>> has done a drive-by backport but not kept it updated. None of ikiwiki's Debian
>> maintainers are involved in that backport; the .deb from jessie (or even from
>> experimental) works fine on wheezy without recompilation. I use the latest
>> upstream release from experimental on my otherwise-Debian-7 server. --[[smcv]]