CodoForum 3.4: XSS
Date: 2015-12-02 15:50:331. Introduction
| Affected Product: | CodoForum 3.4 |
| Fixed in: | not fixed |
| Fixed Version Link: | n/a |
| Vendor Contact: | admin@codologic.com |
| Vulnerability Type: | XSS |
| Remote Exploitable: | Yes |
| Reported to vendor: | 09/01/2015 |
| Disclosed to public: | 12/02/2015 |
| Release mode: | Full Disclosure |
| CVE: | Requested, but not assigned |
| Credits | Tim Coen of curesec GmbH |
2. Vulnerability Description
There is an XSS vulnerability in CodoForum 3.4. With this, it is possible to steal cookies, bypass CSRF protection, or inject JavaScript keyloggers.
The HybridAuth 2.1.2 Install script is vulnerable to XSS attacks. In version 3.4, CodoForum did update HybridAuth to the latest version, but kept the old version in a folder called hybridauthold.
3. Proof of Concept
http://localhost/codoforum/sys/Ext/hybridauthold/install.php/"><script>alert(1)</script>
4. Solution
This issue was not fixed by the vendor.
5. Report Timeline
| 09/01/2015 | Informed Vendor about Issue (no reply) |
| 09/22/2015 | Reminded Vendor of disclosure date |
| 09/23/2015 | Vendor requests clarification |
| 09/23/2015 | Clarified Issue |
| 09/29/2015 | Reminded Vendor of disclosure date |
| 09/29/2015 | Vendor requests more time |
| 09/29/2015 | Set new disclosure date |
| 11/03/2015 | Reminded Vendor of disclosure date (no reply) |
| 11/17/2015 | CVE Requested (no reply) |
| 12/02/2015 | Disclosed to public |