Gibbon 14.0.01 Frame Injection

Gibbon v14.0.01 - Frame Injection Vulnerabilities
Advisory ID: RO-18-012
Severity: Medium
Vendor: Gibbon
Product: Gibbon
Version: v14.0.01


Overview

Frame Injection vulnerabilities exist in Gibbon v14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application.


Vulnerability Details

Affected Versions: v14.0.01 and earlier

Root Cause: Insufficient input validation allows attackers to inject iframe elements.

Technical Details

Install Page:

URL: /gibbon-install/installer/install.php?step=2
Parameters: databaseServer, databaseUsername (POST)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Frontend:

URL: /core/index.php?q=/modules/Resources/resources_view.php
Parameter: tag (GET)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>
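What the root cause above looks like in code, and one way to fix it, as an added PHP example that is not Gibbon's own code: only the parameter name tag comes from the advisory, while the page fragment, the expected tag format and the header bootstrap are assumptions.

```php
<?php
// Added illustration, not code from Gibbon. Only the parameter name `tag`
// comes from the advisory; the page fragment and the tag format are assumed.

// Vulnerable pattern: the query parameter is concatenated straight into the
// HTML response, so a value such as <iframe src="http://attacker.com/"></iframe>
// becomes live markup in the page.
function renderTagVulnerable(string $tag): string
{
    return '<h2>Resources tagged: ' . $tag . '</h2>';
}

// Validation: accept only the shape a tag is expected to have (assumed here
// to be a short word of letters, digits, spaces, hyphens or underscores).
function isValidTag(string $tag): bool
{
    return preg_match('/^[A-Za-z0-9 _-]{1,64}$/', $tag) === 1;
}

// Hardened pattern: reject unexpected input instead of trying to clean it,
// and HTML-encode on output even when validation passed, so the value is
// always treated as text rather than markup.
function renderTagSafe(string $tag): ?string
{
    if (!isValidTag($tag)) {
        return null; // caller answers with 400 Bad Request
    }
    $escaped = htmlspecialchars($tag, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h2>Resources tagged: ' . $escaped . '</h2>';
}

// Defence in depth for the impacts listed in the advisory: frame-ancestors
// stops the application itself from being framed (clickjacking); frame-src
// stops an injected iframe from loading external content. Send these before
// any output, and relax frame-src only if the deployment legitimately embeds
// third-party frames.
function sendFramingHeaders(): void
{
    header('X-Frame-Options: DENY');
    header("Content-Security-Policy: frame-ancestors 'none'; frame-src 'self'");
}

sendFramingHeaders();
$html = renderTagSafe($_GET['tag'] ?? '');
if ($html === null) {
    http_response_code(400);
    $html = '<h2>Invalid tag</h2>';
}
echo $html;
```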



Exploitation Requirements

No authentication required for the frontend vulnerability
Access to the install page required for the installer vulnerability (typically restricted)

Impact

Remote attackers can exploit these vulnerabilities to:

Inject malicious frames into the application
Perform clickjacking attacks
Load external malicious content



Solution

Update to a patched version of Gibbon.


References

Invicti Advisory NS-18-002

Timeline:

[2018-01-17] - First Contact
[2018-01-20] - Vendor Fixed
[2018-06-28] - Advisory Released

Credits: Omar Kurt