Crea8Social Social Network Script - Multiple Cross-Site Scripting Vulnerabilities

🗓️ 29 Mar 2018 00:00:00Reported by Mohamed BasetType

zdt🔗 0day.today👁 31 Views

Multiple XSS Vulnerabilities in Crea8Social Social Network Script, Pro and Business versions. Impact: Privilege escalation, code execution, information disclosure

Reporter	Title	Published	Views	Family All 35
ATTACKERKB	CVE-2018-9123	29 Mar 201805:29	–	attackerkb
ATTACKERKB	CVE-2018-9121	29 Mar 201805:29	–	attackerkb
ATTACKERKB	CVE-2018-9122	29 Mar 201805:29	–	attackerkb
ATTACKERKB	CVE-2018-9120	29 Mar 201805:29	–	attackerkb
CNVD	Crea8Social Cross-Site Scripting Vulnerability	29 Mar 201800:00	–	cnvd
CNVD	Crea8Social cross-site scripting vulnerability (CNVD-2018-07586)	29 Mar 201800:00	–	cnvd
CNVD	Crea8Social Cross-Site Scripting Vulnerability (CNVD-2018-07587)	29 Mar 201800:00	–	cnvd
CNVD	Crea8Social cross-site scripting vulnerability (CNVD-2018-07588)	29 Mar 201800:00	–	cnvd
CVE	CVE-2018-9120	29 Mar 201805:00	–	cve
CVE	CVE-2018-9121	29 Mar 201805:00	–	cve

[-] Title: Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

[-] Product Description:
Crea8Social is the leading social networking software that helps you build your own custom online community.

[-] Vulnerability Type:
Multiple Cross-Site Scripting Vulnerabilities (Stored and Reflected)

[-] Impact and more info:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

[-] Version affected:
Crea8Social Social Network Script – Pro and Business

[-] Test Performed:
Quick Trial Security Assessment (not fully tested)

[-] Vulnerable Request Type:
GET, POST

[-] Vulnerable Module/Parameter/Path:
1. Stored Cross-Site Scripting Vulnerability in Crea8Social Post comments
2. Stored Cross-Site Scripting Vulnerability in Crea8Social User Profile
3. Stored Cross-Site Scripting Vulnerability in Crea8Social Posts
4. Reflected Cross-Site Scripting Vulnerability in Search feature:
– [Script_Installation_Domain]/search?term=%22%20onmousemove=%22alert(document.domain)%22
– [Script_Installation_Domain]/search/dropdown

[-] Payload used:
<<SCRIPT>alert(“XSS-Here”);//<</SCRIPT>

[-] Blogpost and Proof of concept Videos:
– https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/
– https://www.youtube.com/watch?v=bCf0hO9upto
– https://www.youtube.com/watch?v=QqJFh3Ame9g

[-] Attack Vectors:
– Escalation of Privileges: A normal user can create a bogus (user) account on Crea8Social platform hence hijack the Admin’s account and takeover the whole installation.
– Client Side JS Code Execution: A normal user can create a bogus (user) account on Crea8Social platform with a stored XSS attack vector which will lead to execute JS code on behalf of all the user types passing by the attacker’s public user profile page.
– Information Disclosure: A normal user can create a bogus (user) account on Crea8Social platform with a rough stored XSS attack vector to perform client side js code execution on other users sessions hence steal their session cookie or their private information from their accounts.

[-] Fix Suggestion:
Filter and sanitize all the user supplied inputs.

[-] Advisory(s):
– CVE-2018-9120
– CVE-2018-9121
– CVE-2018-9122
– CVE-2018-9123

[-] Product URL(s):
https://www.crea8social.com/

[-] Disclaimer:
This bug is subject to Seekurity SAS de C.V. responsible disclosure rules which is a 90-day-disclosure-deadline or NON-Responsive vendor. After 90 days elapse, Non-Responsive vendor detection or a patch has been made broadly available, the bug details will become visible to the public through our official communication channels.

#  0day.today [2018-04-01]  #

29 Mar 2018 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.00257