Gibbon v14.0.01 - Frame Injection Vulnerabilities

Overview

Frame Injection vulnerabilities exist in Gibbon v14.0.01. They allow remote attackers to inject arbitrary HTML iframe elements into pages rendered by the application, so that content from an attacker-controlled origin is displayed inside the Gibbon site.

Vulnerability Details

Affected Versions: v14.0.01 and earlier

Root Cause: Insufficient input validation; the values of the affected parameters are rendered into the response without being escaped, so an iframe element supplied by the attacker is interpreted as markup rather than displayed as text.

Technical Details

Install Page:

  • URL: /gibbon-install/installer/install.php?step=2
  • Parameters: databaseServer, databaseUsername (POST)
  • Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Frontend:

  • URL: /core/index.php?q=/modules/Resources/resources_view.php
  • Parameter: tag (GET)
  • Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Exploitation Requirements

  • No authentication is required for the frontend (resources_view.php) vulnerability
  • The install page vulnerability requires access to the installer, which is typically restricted or removed once installation is complete

Impact

Remote attackers can exploit these vulnerabilities to:

  • Inject malicious frames into pages served by the application
  • Perform clickjacking attacks by overlaying attacker-controlled content on the legitimate page
  • Load external malicious content (for example a phishing form) under the application's own origin

Solution

Update to a patched version of Gibbon.
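The pattern behind both findings and the corresponding fix, shown as an added example that is not Gibbon's code: a reflected parameter rendered unescaped beside the same rendering with HTML output encoding, plus response headers that limit what an injected frame can do. The function names and the surrounding markup are hypothetical; the probe string is constructed from the attack pattern above. The same output encoding applies to the installer's databaseServer and databaseUsername values.

```php
<?php
// Added example (not Gibbon's own code). Function names are hypothetical.

// Vulnerable pattern: the value of ?tag= is concatenated straight into the
// page, so "<iframe src=...>" in the parameter becomes live markup.
function renderTagVulnerable(string $tag): string
{
    return '<p>Resources tagged: ' . $tag . '</p>';
}

// Hardened pattern: HTML-encode on output so the browser shows the text
// literally instead of parsing it as an element. ENT_QUOTES also covers
// attribute contexts; the explicit charset avoids encoding mismatches.
function renderTagSafe(string $tag): string
{
    $encoded = htmlspecialchars($tag, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Resources tagged: ' . $encoded . '</p>';
}

// Defence in depth: a CSP that forbids frame sources means that even where
// encoding is missed, an injected <iframe> cannot load attacker content;
// frame-ancestors / X-Frame-Options stop the page itself being framed for
// clickjacking. Must be sent before any output.
function sendFrameRestrictingHeaders(): void
{
    header("Content-Security-Policy: frame-src 'none'; frame-ancestors 'self'");
    header('X-Frame-Options: SAMEORIGIN');
}

// Self-check using a constructed probe modelled on the advisory's attack
// pattern. Returns true when the vulnerable renderer emits a live iframe
// and the hardened renderer emits only escaped text.
function selfCheck(): bool
{
    $probe = '<iframe src="http://attacker.com/"></iframe>';

    $vulnerable = renderTagVulnerable($probe);
    $safe       = renderTagSafe($probe);

    $vulnerableHasFrame = strpos($vulnerable, '<iframe') !== false;
    $safeHasFrame       = strpos($safe, '<iframe') !== false;
    $safeIsEscaped      = strpos($safe, '&lt;iframe') !== false;

    return $vulnerableHasFrame && !$safeHasFrame && $safeIsEscaped;
}

if (PHP_SAPI === 'cli') {
    echo selfCheck() ? "output encoding check passed\n"
                     : "output encoding check FAILED\n";
}
```

The encoding step is the actual fix for this class of bug; the headers are a safety net, not a substitute. A `frame-src 'none'` directive also blocks any frames the application legitimately embeds, so adjust the source list to match what the site really needs before deploying it.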
