Latest YouTube Video
Wednesday, January 11, 2017
[FD] Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References (Source): ==================== http://ift.tt/2j37vHY Release Date: ============= 2017-01-10 Vulnerability Laboratory ID (VL-ID): ==================================== 2028 Common Vulnerability Scoring System: ==================================== 3.5 Product & Service Introduction: =============================== Cobi Tools allows your testers to e-mail their UDID from their phone. Console logs can also be emailed for debug assistance. For a more focused log, you can select various debug items to copy and email. (Copy of the Homepage: http://ift.tt/2icpQD0 ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a persistent input validation vulnerability in the obi Tools v1.0.8 apple ios mobile application. Vulnerability Disclosure Timeline: ================================== 2017-01-10: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Cobi Interactive Product: Cobi Tools - Mobile Application 1.0.8 Exploitation Technique: ======================= Local Severity Level: =============== Medium Technical Details & Description: ================================ A persistent input validation web vulnerability has been discovered in the cobi tools v1.0.8 apple ios mobile application. The vulnerability allows an attacker to inject own malicious script codes persistent on the application-side to compromise. The persistent web vulnerability is located in the `devicename` parameter of the `eventlog email` module. Attackers are able to inject malicious script code as `devicename` to provoke an execution within the `email body message` context. The injection point is the devicename in the idevice settings. The execution point of the bug occurs in the message body of the eventlog email. The content of the eventlog that generates the email is not parsed at all. The security risk of the web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the web vulnerability requires a low privilege ios device account with restricted access and low user interaction. Successful exploitation of the vulnerability results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context. Vulnerable Module(s) [+] EventLog Vulnerable Input(s): [+] name Vulnerable Parameter(s) [+] devicename Affected Module(s) [+] Mail Message Body (Email) Proof of Concept (PoC): ======================= The persistent validation vulnerability can be exploited by attackers with low privilege iOS device user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Install the application to your idevice (iphone or ipad) 2. Start the mobile application 3. Open the idevice ios settigs 4. Change the devicename to a maliciousc script code test payload 5. Save the entry and open the installed application again 6. Move to the eventlog and click on top the email button 7. The email opens and the execute takes place in the message body context 8. Successful reproduce of the vulnerability! Payload:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment