Hello, I'm Jeremy Bae at STG Security, Inc. I've found the security vulnerability of Zwiki.
Due to an input validation flaw, the Zwiki is vulnerable to cross site scripting attacks.
Impacts Malicious attackers can inject and execute arbitrary script code in a user's browser session in context of an affected site.
recommend please filter user input.
XSS reference - CERT Advisory CA-2000-02 http://www.cert.org/advisories/CA-2000-02.html
- Microsoft HOWTO: Prevent Cross-Site Scripting Security Issues (Q252985) http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252985
- Microsoft Technet "Cross-site Scripting Overview" http://www.microsoft.com/technet/security/news/csoverv.mspx
Only works if your ZWiki is anonymously viewable -- Fri, 26 Nov 2004 01:11:07 -0800 reply
Interestingly, this only works if your ZWiki pages are anonymously accessible, otherwise the standard_error_message fails trying to access a page to find the .defaultPage() from, since standard_error_message is only ever executed as anonymous.
--- standard_error_message.dtml.original Fri Nov 26 09:17:22 2004 +++ standard_error_message.dtml Fri Nov 26 09:17:55 2004 @@ -29,7 +29,7 @@ <body> <p> I could not find any likely page matching - "<b><dtml-var "here.urlunquote(searchexpr)"></b>" + "<b><dtml-var "here.urlunquote(searchexpr)" html_quote></b>" </p> <p> Click here to