Re: [Tikiwiki-devel] CVE-2006-6457 tikiwiki vulnerable

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

luci aka Lukas Masek escreveu:
> On Wednesday, 24 of January 2007 1:11 pm, Alex de Oliveira Silva
> wrote:
>> Could you please check if tikiwiki version 1.9.7 is affected by
>> CVE-2006-6457?

Method to trigger this same bug is to pass a value that's too long -

tiki-wiki_rss.php?ver=-65535

can be negative or positive, the webapp pukes the same info.
>>
>> In addition, tiki-wiki_rss.php may suffer from an XSS
>> vulnerability (the affected site claims to run the 1.0 CVS
>> version, though):
>>
>> http://tikiwiki/tiki-wiki_rss.php?ver=555555555%3Cb%3E22362623external
>>  link
>>
>> Thank you in advanced.
>>
>>
>>
>> regards,
>
> no idea what is CVE-2006-6457 and the URL is invalid
>
> luci

http://"some url"/tiki-wiki_rss.php?ver=555555555%3Cb%3E22362623external


- --
   .''`.
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFt1SLarbczl+z12gRAhgVAJsHzkF/QDrWINV2odSDn+b69AgYDgCgzouM
G4d7Sv5Fw2HIDwp9KoJe8bc=
=Sv4q
-----END PGP SIGNATURE-----

Re: [Tikiwiki-devel] CVE-2006-6457 tikiwiki vulnerable

The Free / Libre / Open Source Web App with the most built-in features

Re: [Tikiwiki-devel] CVE-2006-6457 tikiwiki vulnerable