Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting

What is the "Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting?" module?

The "Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting" module is designed to detect a cross-site scripting vulnerability in Tiki Wiki CMS Groupware version 25.0. Tiki Wiki CMS Groupware is a software that provides a collaborative platform for creating and managing content. This module specifically targets version 25.0 of the software.

The severity of this vulnerability is classified as medium, indicating that it has the potential to cause significant harm if exploited.

Impact

A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to various consequences, such as unauthorized access to sensitive information, session hijacking, or the execution of arbitrary code on the victim's browser.

How the module works?

The module sends HTTP requests to the Tiki Wiki CMS Groupware application, specifically targeting the "/tiki/tiki-ajax_services.php?controller=comment&action=list&type=wiki+page&objectId=" endpoint. The module includes a payload in the request that contains a script tag with an alert function, which triggers a pop-up displaying the document's domain.

The module then applies matching conditions to the response received from the server. It checks if the response body contains the script tag and the phrase "Tiki Wiki CMS". Additionally, it verifies if the response header includes the "text/html" content type and if the HTTP status code is 403 (Forbidden).

If all the matching conditions are met, the module reports a vulnerability, indicating the presence of a cross-site scripting vulnerability in the Tiki Wiki CMS Groupware v25.0.