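##############################################################################
#
# MediaWiki Encoded Links Script Insertion Vulnerability
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2006/04/04
#
# $Revision: 1.1 $
#
# $Log: os2a_mediawiki_html_injection_601296.nasl,v $
# Revision 1.1 2006/04/07 06:55:50 shraddha
# To Production Issue #2160
#
# Revision 1.3 2006/04/05 06:28:41 hpavithra
# Minor changes in description
# Issue: #2160
#
# Revision 1.2 2006/04/04 09:04:59 schandan
# Issue #2160
# Added BID
# Modified Regex.
#
# Revision 1.1 2006/04/04 05:03:20 hshreesha
# issue #2160
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# How this check works
# --------------------
# The script flags CVE-2006-1498 purely from the version string that the
# dependency os2a_mediawiki_version_600811.nasl stored in the KB under
# "MediaWiki/Version". The code below sends no request of its own and never
# exercises the flaw, so a finding means "the reported version is in the
# affected range", not "the flaw was confirmed".
#
# Caveats for whoever triages the result:
#  - A host carrying a vendor/distribution backport of the fix but still
#    reporting an old version string will be flagged (false positive).
#  - A host that hides or rewrites its version string will not be flagged.
#  - NOTE(review): the KB key carries no port, so the finding is attached to
#    whatever get_http_port() returns; presumably that is the port where the
#    dependency found MediaWiki -- confirm against the dependency script.

if(description)
{
  # Plugin registration: identifiers, references and the report text.
  script_id(601296);
  script_bugtraq_id(17269);
  script_cve_id("CVE-2006-1498");
  script_copyright(english:"Copyright (C) 2006 OS2A");
  script_version("$Revision: 1.1 $");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");
  script_name(english:"MediaWiki Encoded Links Script Insertion Vulnerability");
  script_summary(english:"Check for vulnerable version of MediaWiki");

  # Report text shown with the finding; the literal is kept exactly as it
  # appears in the source, including its single embedded line break.
  desc["english"] = " Overview : This host has MediaWiki installed, which is prone to script insertion vulnerability. This flaw is due to improper sanitization of inputs passed in encoded links before being displayed. 
Impact : Successful exploitation can lead to execution of attacker-supplied script code in the context of the affected website which in-turn can lead to the theft of cookie-based authentication credentials. Scope of Impact is restricted to application level. Affected Software : MediaWiki 1.4.14 and prior. MediaWiki 1.5.7 and prior. Affected Platform : Any system running the affected software. Solution : For MediaWiki version 1.4.14 and prior, Upgrade to MediaWiki version 1.4.15 For MediaWiki version 1.5.7 and prior, Upgrade to MediaWiki version 1.5.8 http://prdownloads.sourceforge.net/wikipedia/ References : http://secunia.com/advisories/19508/ http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html CVSS Score : CVSS Base Score : 5.2 (AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:I) CVSS Temporal Score : 3.9 Risk factor : Medium";

  script_description(english:desc["english"]);

  # Run only after the version-detection plugin has populated the KB.
  script_dependencies("os2a_mediawiki_version_600811.nasl");
  script_require_keys("MediaWiki/Version");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("http_func.inc");

port = get_http_port(default:80);
if(!port){
  exit(0);
}

# Depending on the http_func.inc in use, get_http_port() may fall back to the
# default port without checking it; do not attach a finding to a port the
# scan found closed.
if(!get_port_state(port)){
  exit(0);
}

mediawikiVer = get_kb_item("MediaWiki/Version");
if(!mediawikiVer){
  exit(0);
}

# Affected range, anchored at "1.":
#   1.0 - 1.3 with any sub-version   [0-3](\..*)?
#   1.4 and 1.4.0 - 1.4.14           4(\.[0-9]|\.1[0-4])?
#   1.5 and 1.5.0 - 1.5.7            5(\.[0-7])?
# The trailing ($|[^.0-9]) requires the matched version to end there or be
# followed by a non-numeric suffix, so fixed releases such as 1.4.15 and
# 1.5.8, and later branches such as 1.10, are not flagged.
if(ereg(pattern:"^1\.([0-3](\..*)?|(4(\.[0-9]|\.1[0-4])?|5(\.[0-7])?))($|[^.0-9])",
        string:mediawikiVer)){
  security_warning(port);
}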