Bitweaver Cross-Site Scripting

by Betatester
Tuesday, December 11, 2007
Class: Cross-Site Scripting & SQL

Vendor: http://www.bitweaver.org/
Product: Bitweaver
Version: 2.0.0 & Previous
\lsces - Fixed in later versions

Examples:
(:exclaim:) A suitable example of what was used to test would be nice ... <script>alert('hi!');</script> is being used for test purposes.

/users/register.php/XSS
(:arrow:)http://bitweaver.org/users/register.php/<script>alert('hi!');</script>
/search/index.php/XSS
(:arrow:)http://medw.co.uk/search/index.php/<script>alert('hi!');</script>
( Search is not used in bw.o - ilike and lucene are alternative search options)
/users/login.php?error=XSS
(:arrow:)http://www.bitweaver.org/users/register.php/<script>alert('hi!');</script>

Persistent XSS:

If comments are allowed, attackers can use this URL /wiki/index.php?page_id=1#editcomments
to POST evil scripts and PHP code into the page. Sanitizing the input will prevent this.

Also we see that on forums there is the same issue: (NEED TO SANITIZE THE INPUT)

/forums/index.php?t=1&post_comment_reply_id=1&post_comment_request=1#editcomments
See attached comment below - but we also need to demonstrate on alternate site configurations
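Both the reflected cases above (the PATH_INFO segment after register.php or search/index.php, and the error parameter on login.php) and the persistent comment case come down to the same defect: an untrusted string reaches the HTML response unescaped. The following is an added example, not Bitweaver's code; the helper names h(), safe_self_url(), error_message() and render_comment() and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example (not Bitweaver code): escape every untrusted value before it reaches HTML.
// Helper names below are assumed, not Bitweaver's own.
declare(strict_types=1);

/** Escape a string for use inside HTML text or a double-quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * URL for a form's "action" attribute.
 * Echoing $_SERVER['PHP_SELF'] or REQUEST_URI unescaped is what lets
 * /users/register.php/<script>... reflect a script: PATH_INFO is attacker-controlled.
 * SCRIPT_NAME excludes PATH_INFO, and it is escaped anyway.
 */
function safe_self_url(array $server): string
{
    return h($server['SCRIPT_NAME'] ?? '/');
}

/**
 * Error text for login.php?error=...: map a code to a fixed message and never echo the
 * raw parameter. Unknown codes get a generic message.
 */
function error_message(?string $code): string
{
    $messages = [
        'badpass' => 'Incorrect user name or password.',
        'locked'  => 'This account is temporarily locked.',
    ];
    return h($messages[$code] ?? 'Login failed.');
}

/** Render a stored comment as plain text only, newlines preserved. Markup is inert. */
function render_comment(string $body): string
{
    return '<p class="comment">' . nl2br(h($body)) . '</p>';
}

// Constructed sample values standing in for a hostile request and a hostile stored comment.
$server = [
    'SCRIPT_NAME' => '/users/register.php',
    'PATH_INFO'   => "/<script>alert('hi!');</script>",
    'PHP_SELF'    => "/users/register.php/<script>alert('hi!');</script>",
];
$get     = ['error' => "<script>alert('hi!');</script>"];
$comment = "<script>alert('hi!');</script>\nsecond line";

echo '<form action="' . safe_self_url($server) . '" method="post">', PHP_EOL;
echo '<div class="error">' . error_message($get['error'] ?? null) . '</div>', PHP_EOL;
echo render_comment($comment), PHP_EOL;
```

Escaping at output time is the reliable fix for both the reflected and the stored variants: a comment stored with a script tag renders as literal text, which is the behaviour Lester describes for the preview. Sanitising on input as well is fine, but output escaping is what guarantees the browser never sees the tag as markup regardless of how the value got into the database.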

White Screen of Death: (SQL Injection)

Critical information is listed on this page when you inject evil code.
Some of it appears if you inject JavaScript code into the search box, and some appears on
the page reached by the following URL: /wiki/list_pages.php?sort_mode='
White Screen of Death: should only be ENABLED while testing a site. Live sites should give a more suitable output.
(:arrow:)http://www.bitweaver.org//wiki/list_pages.php?sort_mode='
Putting a ' in search on http://medw.co.uk/search/index.php/ is also safe.

By Search:

/search/index.php?tk=316dccdfb62a3cad613e&highlight=SQL_INJECTION=&search=go
SQL_INJECTION has been addressed, but is more difficult to test, since it can also be dependent on database engine being used. The above example would fail anyway since it is highly unlikely that the ticket would be valid.
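The sort_mode and highlight cases above are two sides of the same defence: values that select behaviour (a sort order) are mapped through an allow-list, values that carry data (a search term) are bound as parameters, and database errors are logged rather than displayed so a live site never shows the white screen with the failed query. The following is an added example, not Bitweaver's code; ALLOWED_SORT, sort_clause(), search_query(), the wiki_pages table and the in-memory database are assumptions constructed so it runs offline.

```php
<?php
// Added example (not Bitweaver code). Table, column and function names are assumed.
declare(strict_types=1);

// Allow-list: user-visible sort_mode value => fixed ORDER BY fragment.
const ALLOWED_SORT = [
    'title_asc'     => 'title ASC',
    'title_desc'    => 'title DESC',
    'modified_asc'  => 'last_modified ASC',
    'modified_desc' => 'last_modified DESC',
];

/**
 * Map a user-supplied sort_mode to a fixed ORDER BY fragment.
 * A value not in the table (such as a lone "'") falls back to the default instead of
 * being spliced into SQL, so the query can neither break nor be altered.
 */
function sort_clause(?string $sortMode, string $default = 'modified_desc'): string
{
    if ($sortMode !== null && array_key_exists($sortMode, ALLOWED_SORT)) {
        return 'ORDER BY ' . ALLOWED_SORT[$sortMode];
    }
    return 'ORDER BY ' . ALLOWED_SORT[$default];
}

/**
 * Build the search query with the term as a bound parameter.
 * Only the allow-listed ORDER BY fragment is concatenated; the term never is.
 */
function search_query(PDO $pdo, string $term, ?string $sortMode): PDOStatement
{
    $sql  = 'SELECT page_id, title FROM wiki_pages WHERE title LIKE :term ' . sort_clause($sortMode);
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt;
}

// Production error handling: log, do not display. Showing the failed query and a stack
// trace to the visitor is the "white screen of death" the advisory describes.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Constructed demo with an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE wiki_pages (page_id INTEGER PRIMARY KEY, title TEXT, last_modified INTEGER)');
$pdo->exec("INSERT INTO wiki_pages VALUES (1, 'HomePage', 100), (2, 'SQL notes', 200)");

try {
    // The advisory's sort_mode value and a quote inside the search term, both handled safely.
    $rows = search_query($pdo, "SQL' OR '1'='1", "'")->fetchAll(PDO::FETCH_ASSOC);
    echo count($rows) . " row(s)" . PHP_EOL;
} catch (PDOException $e) {
    // Detail goes to the server log; the visitor gets a generic message and a 500.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Search is temporarily unavailable.' . PHP_EOL;
}
```

The engine-dependence mentioned above is exactly why binding beats escaping here: a bound parameter is never parsed as SQL on any engine, whereas hand-escaping has to get each engine's quoting rules right.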

Google Dork: Powered by bitweaver

Comments

It's about...

by GST, 23 Jan 2008 (15:23 UTC)
This post seems to be about one of the two security vulnerabilities (actually three, but reported as two:-) that seem to be doing the rounds on the diverse security sites... Look at http://secunia.com/advisories/28024/ and http://secunia.com/advisories/28300/ for more details.

Largely it seems to be related to ways of injecting code through "sloppy" checking of POST data (their words, not mine:-) etc.

Since this is very public... and at least claimed to be affecting R2, you should take it seriously... If you haven't already:-).

Cheers
-- Glenn

Re: It's about...

by Kozuch, 29 Jan 2008 (07:45 UTC)
I think these issues are taken care of in version 2.0.1.

Testing allegation about comment XSS vulnerability

by Lester Caine, 09 Dec 2008 (06:45 UTC)
I think these problems were addressed some time ago, but we have not been active in returning the updated information.
<script>alert('hi!');</script> should not be allowed and should be processed simply as text, which it is in preview and when posted.