what you don't know can hurt you

COYO 9.0.8 / 10.0.11 / 12.0.4 Cross Site Scripting

COYO 9.0.8 / 10.0.11 / 12.0.4 Cross Site Scripting
Posted Feb 1, 2019
Authored by Simon Moser

COVO versions 9.0.8, 10.0.11, and 12.0.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16519
MD5 | f5e58babe39fb480e6a49abc818a40c6

COYO 9.0.8 / 10.0.11 / 12.0.4 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2018-032
Product: COYO
Manufacturer: COYO GmbH
Affected Version(s): 9.0.8, 10.0.11, 12.0.4
Tested Version(s): 9.0.8, 10.0.11, 10.0.33, 12.0.4
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2018-09-06
Solution Date: 2019-01-16
Public Disclosure: 2019-02-01
CVE Reference: CVE-2018-16519
Author of Advisory: Simon Moser, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

COYO is a social intranet software.

The manufacturer describes the product as follows (see [1]):

"COYO is an integrated platform for your official company news, social
collaboration and team messaging."

Due to a missing validation of URLs, COYO is vulnerable to persistent
cross-site scripting

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

For URLs used by "iFrame" widgets, the server does not validate if they
contain JavaScript calls. Thereby, it is possible to execute JavaScript
code in the context of a user visiting a site prepared with a malicous
widget.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

* Create a page
* Add app > Content
* Add new widget > iFrame
* For URL, insert 'javascript:alert("SySS XSS");' and save

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Update to the current version of COYO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2018-09-05: Vulnerability discovered
2018-09-06: Vulnerability reported to manufacturer
2018-10-22: Disclosure postponed until release of 13.0.0
2019-01-16: Release of a fixed version
2019-02-01: Public disclosure of this advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for COYO
https://www.coyoapp.com/en/home
[2] SySS Security Advisory SYSS-2018-032
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-032.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Simon Moser of SySS GmbH.

E-Mail: simon.moser@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Simon_Moser.asc
Key ID: 0x5FF2CFC6
Key Fingerprint: E3C2 A86E 530D 8BD3 C40B 6542 8376 5B89 5FF2 CFC6

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: https://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE48KoblMNi9PEC2VCg3ZbiV/yz8YFAlxPeQoACgkQg3ZbiV/y
z8bxnAf/RST+6oAzldQiyyLAS1dTaqQ7afXgxQ33f4I9Gpex4BiarEh2dhyEvhTS
vykbX4Ycmt/iQ6V5ZfLqxJew1gdfKPyvzD9YbboYd2lgmurpzezhKhCg+ROXvhOg
lCGmsvlK4Q3X4oELA91Y0hPrM4Z9gdEjFmmYYkwgQHLI7fqfFkDsuNF3Vu1J45DX
pXOBLTyiF+PIecdcVc93mvzf7R0JC2e/j6fW+JFcgVLo3q71lrSLinf/64SPMYJP
fFaLO7WHP2LLaCvnerlSSsFeLww9gGftCU1fcqIcvE4GkjI/GdCIFEgw3x0BJY5O
LtG89db2FszTMzUHWdfHMOkW03JJzw==
=1PqU
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    15 Files
  • 21
    Nov 21st
    16 Files
  • 22
    Nov 22nd
    2 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close