Vendor: Codoforum
By: Ahmed Sherif (OffensiveBits)
CVSS: 7.5 (HIGH)
Type: Stored XSS
CWE: 79
Product Name: Codoforum
Affected Version From: V3.4
Affected Version To: V3.4
Patch Exists: NO
Related CWE: N/A
CPE: a:codologic:codoforum
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux Mint
2016

Codoforum v3.4 Stored Cross-Site Scripting (Stored XSS)

The reply and search functionalities are both vulnerable to stored XSS because reply content is not properly filtered when it is displayed. To reproduce the vulnerability, log in to an account, look for any topic, and add a reply containing a widely used common keyword within an XSS payload. When any user surfing the topic then searches for that keyword, the JavaScript code is executed.

Mitigation:

The new version of Codoforum will be released this week.

Exploit-DB raw data:

# Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting (Stored XSS)
# Google Dork: intext:"powered by codoforum"
# Date: 01/06/2016
# Exploit Author: Ahmed Sherif (OffensiveBits)
# Vendor Homepage: http://codologic.com/page/
# Software Link: http://codoforum.com/index.php
# Version: V3.4
# Tested on: Linux Mint


1. Description:

The Reply and search functionalities are both vulnerable to Stored XSS due
to improper filtration in displaying the content of replies.


2. Steps to reproduce the vulnerability:


1. Log in to your account.
2. Look for any topic and add a reply.
3. In the reply textbox, add a widely used common keyword within an XSS
payload, for example: (keyword"><svg/onload=prompt(document.cookie)>)
4. When any user surfing the topic starts to search for specific
keywords, the JavaScript code will be executed.



3. Solution:

The new version of Codoforum will be released this week.
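
The output-encoding fix for the flaw described above, shown as an added example that is not part of the original advisory and is not Codoforum's code. The function names and the search-result markup are hypothetical; the sample reply is the string from step 3.

```javascript
// Added example, not Codoforum source; function names and markup are hypothetical.
// Constructed sample: the reply text from step 3 of the advisory.
const storedReply = 'keyword"><svg/onload=prompt(document.cookie)>';

// Encode the characters that are significant in HTML text and quoted
// attribute contexts. '&' is replaced first so entities are not double-encoded.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escape regex metacharacters so a search term is matched literally.
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Weak pattern: stored text is concatenated into markup unencoded, so the
// `">` in the reply closes the attribute and the tag it was placed in.
function renderResultUnsafe(reply) {
  return '<a class="result" title="' + reply + '">' + reply + '</a>';
}

// Hardened pattern: split the raw text on the search term, encode every piece
// at output time, and wrap only the matched pieces in <mark>.
function renderResultSafe(reply, searchTerm) {
  const raw = String(reply);
  let body = escapeHtml(raw);
  if (searchTerm) {
    const re = new RegExp('(' + escapeRegExp(searchTerm) + ')', 'gi');
    body = raw.split(re)
      .map((part, i) => (i % 2 ? '<mark>' + escapeHtml(part) + '</mark>' : escapeHtml(part)))
      .join('');
  }
  return '<a class="result" title="' + escapeHtml(raw) + '">' + body + '</a>';
}

// True if the fragment contains any tag other than the ones the renderer emits.
function hasUnexpectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^\s>\/]*/g) || [];
  return tags.some((t) => !['<a', '</a', '<mark', '</mark'].includes(t.toLowerCase()));
}

console.log(renderResultUnsafe(storedReply));
console.log(renderResultSafe(storedReply, 'keyword'));
```

Encoding is applied when the reply is rendered, not when it is stored, so replies already saved in the database are covered as well.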