Category Archives: Advisories

Tienda-Online-Economica & XSS Allow Execute Evil Remote Code

Author(s): Ivan Sanchez
Product: Tienda online economica
Url vendor: http://www.tienda-online-economica.com
Date: 11/08/2013
Vendor Notified: 10/08/2013
Extract:

At Tienda Online Económica we offer you everything you need to have your online shop ready to sell on the internet in just 3 weeks.
In addition, with Tienda Online Económica you get a unique, customised design for your online shop, purpose-built for selling your products
and services on the Internet.
Exploitation parameter and function:

http://DOMAIN/es/search/0

Parameter Affected:
q = XSS

Function Affected:
<form id="frm-search" action="http://www.site.com/es/search/0" class="grid_2 alpha omega" method="post">
<input id="q" name="q" type="text" value="<!-- HTML codes by Nullcode Team --> <marquee behavior="scroll" direction="left" scrollamount="10">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="40">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="50">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="60">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="70">Nullcode Team.</marquee>" />
Remediation:
Sanitize all parameters

Xopie Virtual Shop & XSS Allow Execute Evil Remote Code

Author(s): Raul Diaz (Dshellnoi Unix) & Ivan Sanchez
Contact Us: security@evilcode.com.ar
Product: Xopie Virtual Shop 2013
Date: 25/06/2013
Vendor: Notified twice
Answer: At the moment we have no resources to mitigate this issue.

Parameter Affected:
Example 1:

q=[INJECT HERE]&commandSearch=Buscar

Sites affected
--------------------
Important: More than 6,500 sites affected; vendor notified

http://www.nxt-telecom.com/es/list

http://www.softcreativa.com

http://airballoons.xopie.com/es/list

http://www.mueblesmarro.com

http://www.infocrack.cat/es/list

http://www.proyector.org/es/list

http://www.extensionesnaturalesonline.com/es/list

http://vadebisu1.xopie.com/en/list

http://www.omerchandising.com/en/list

http://dprk.xopie.com/en/list

http://www.toolman.es/en/list

http://www.kiteluxe.es/en/list

http://www.amparomaciaonline.es/en/list

http://www.labotigadelbolet.com/en/list

http://www.koolin.cat/en/list

http://www.mariaplantis.com/en/list

http://www.why-not-fly.com/en/list

http://www.hunternature.com/en/list

http://www.informaplay.com/en/list

http://www.complementsperlaindependencia.cat/en/list

http://hobbyocasion.xopie.com/en/list

http://mymarcarbara.xopie.com/es/list

http://labrujula.xopie.com/es/list

http://dicoelecsas.xopie.com/es/list

http://deluzlighting.xopie.com/es/list

http://bazardecalidad.xopie.com/es/list

http://quarentena.xopie.com/es/list

http://comprabarato.xopie.com/es/list

http://digitalsignshop.xopie.com/es/list

http://hinchadecor.xopie.com/tags/index

http://voltimum.xopie.com/es/list

http://mueblesled.xopie.com/es/list

http://jt1electronica.xopie.com/es/list

http://fruitaula.xopie.com/tags/index

http://deliverystores.xopie.com/es/list

http://lamanida.xopie.com/ca/list

http://luminoxhair.xopie.com/es/list

http://auto4x4.xopie.com/es/list

http://merceriabacares.xopie.com/es/list

http://habitacionessev.xopie.com/es/list

http://todoparaiphone.xopie.com/es/list

http://lamejorsalud.xopie.com/es/list

http://jldsantandreu.xopie.com/es/list

http://cuisineslowcost.xopie.com/fr/list

more...

Software CMS Cameron McKenna 2013 Allow Execute Evil Remote Code

Author(s): Ivan Sanchez & Raul Diaz (Dshellnoi Unix)
Contact Us: security@evilcode.com.ar
Version: CMS 2013
Date: 26/04/2013
Product: CMS Cameron McKenna
Vendor: Notified twice

Sites affected

--------------------

http://www.cms-cmck.com

http://www.cms-bfl.com/

http://cms-site/Berlin-Germany

http://www.cms-db.com/Antwerp-Belgium

http://www.cms-dsb.com/Amsterdam-Netherlands

http://www.cms-bfl.com/Casablanca-en

http://cms-site.com/Frankfurt-Germany-LS

http://www.cms-rpa.com//en-Lisbon-Portugal

http://www.cms-rrh.com/Ljubljana-Slovenia

http://cms-site.ru/Moscow-Russia

http://www.cms-asl.com/Madrid-Spain

http://www.cms-aacs.com/Milan-Italy

http://www.cms-veh.com

http://cms-site.cn/Shanghai-China-en

Example:

"><img src="image.gif" onerror="alert(1)">
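The three shop-platform advisories above (Tienda Online Económica, Xopie Virtual Shop and CMS Cameron McKenna) share one root cause: the search term `q` is written back into the `value` attribute of the search form without encoding, so a `"` closes the attribute and whatever follows is parsed as markup. The following Python is an added example, not code from any of the vendors, showing the unencoded reflection beside the corrected version and a small check that counts the tags a browser would actually see. The sample inputs, function names and the `tag_names`/`reflected_value` helpers are all constructed for this illustration.

```python
import html
import re

# Constructed sample inputs (illustrative, not captured traffic). The first two
# mirror the shapes shown in the advisories: an inline-markup payload and an
# attribute-breakout payload; the third is an ordinary query with an ampersand.
MARQUEE_PAYLOAD = ('<!-- HTML codes by Nullcode Team --> '
                   '<marquee behavior="scroll" direction="left" scrollamount="10">'
                   'Nullcode Team.</marquee>')
BREAKOUT_PAYLOAD = '"><img src="image.gif" onerror="alert(1)">'
BENIGN_QUERY = 'camisetas & gorras'


def render_search_input_vulnerable(q):
    """Reflect the search term verbatim into the value attribute (the defect)."""
    return f'<input id="q" name="q" type="text" value="{q}" />'


def render_search_input_safe(q):
    """HTML-encode for attribute context. html.escape(quote=True) turns
    & < > " ' into entities, so the term can neither close the attribute
    nor start a new tag, whatever it contains."""
    return f'<input id="q" name="q" type="text" value="{html.escape(q, quote=True)}" />'


# Matches the start of an element ('<' followed by a tag name); comments and
# closing tags are deliberately excluded.
TAG_RE = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)")


def tag_names(markup):
    """Lower-cased names of the elements an HTML parser would see in markup.
    A correctly rendered search box contains exactly one: 'input'."""
    return [m.lower() for m in TAG_RE.findall(markup)]


def reflected_value(markup):
    """Recover the decoded search term from the rendered input, i.e. what the
    browser shows back to the user. Encoding must not change the visible text."""
    m = re.search(r'value="([^"]*)"', markup)
    return html.unescape(m.group(1)) if m else None


if __name__ == "__main__":
    for label, q in (("marquee", MARQUEE_PAYLOAD),
                     ("breakout", BREAKOUT_PAYLOAD),
                     ("benign", BENIGN_QUERY)):
        print(label, "vulnerable ->", tag_names(render_search_input_vulnerable(q)))
        print(label, "safe       ->", tag_names(render_search_input_safe(q)),
              "| shown to user:", reflected_value(render_search_input_safe(q)))
```

The check is intentionally structural rather than signature-based: instead of looking for `<script>` or `onerror`, it asks whether the reflected value produced any element beyond the `input` that was meant to be there. That is the property output encoding guarantees and a blocklist does not, which is why the remediation for all three advisories is the same: encode every reflected parameter for the context it lands in.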

Software Gestión GESIO XSS Allow Execute Evil Remote Code

Author(s): Ivan Sanchez & Raul Diaz
Contact Us: security@evilcode.com.ar
Version: GESIO CM Tienda Online
Date: 18/04/2013
Product: GESIO CM
Vendor: Notified

The PoC will be posted shortly.

GOOGLE DORKS:
allintext:POLÍTICA DE PROTECCIÓN DE DATOS -Software Gestión GESIO®
inurl:cms/site_0003

Microsoft Windows -Tipskins.dll Malformed HTML Null Pointer Dereference Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Windows Tipskins.dll
Date: 13/10/2011
Product: Microsoft Windows Vista/Seven Tipskins.dll
Vendor: Notified
Internal Id: MSRC 11642

We have discovered that the product "Microsoft Windows Vista/Seven Tipskins.dll" presents a big hole regarding a Remote NULL Pointer Dereference, crashing the application when you run special code.

Microsoft Visual Studio 2010 – Vsabv10dt.dll Malformed HTML Null Pointer Dereference Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Visual Studio 2010 / Vsabv10dt.dll
Date: 13/10/2011
Product: Microsoft Visual Studio 2010 / Vsabv10dt.dll
Vendor: Notified
Internal Id: MSRC 11644

We have discovered that the product "Microsoft Visual Studio 2010 – Vsabv10dt.dll" presents a big hole regarding a Remote NULL Pointer Dereference, crashing the application when you run special code.

Microsoft Office 2010 BCSAutogen.dll – Remote Unhandled exception Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Office 2010 Component BCSAutogen.dll
Date: 10/10/2011
Product: Microsoft Office 2010 Component BCSAutogen.dll
Vendor: Notified
Internal Id: MSRC 11641

We have discovered that the product "Microsoft Office 14 Component BCSAutogen.dll" presents a big hole regarding an unhandled exception rather than a memory corruption, crashing the application when you run special code.

Quick Time Player 7.6.9 – ActiveX Control Buffer Overflow Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: QuickTimePlayer_7.6.9
Date: 06/09/2011
Product: QuickTimePlayer_7.6.9
Vendor Notified: 2 months ago "Apple Inc / bugreport.apple.com"
Problem ID: 9753778

We have discovered that the product "QuickTimePlayer_7.6.9" presents a big hole regarding an ActiveX Control Buffer Overflow, crashing the application when you run special code.


VMware Exe’s Files Affected – Access Violation Memory Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: VMware Virtual Image Editing Framework 4.0.0 build-111735
Date: 05/09/2011
Product: VMware Virtual Image Editing Framework 4.0.0 build-111735
Vendor Notified: VMware Inc.

We have discovered that the product "VMware Virtual Image Editing Framework 4.0.0 build-111735" presents a big hole regarding an Access Violation, crashing the application when you run special code.


VMware Virtual Image Editing Framework – DLL Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: VMware Virtual Image Editing Framework 4.0.0 build-111735
Date: 05/09/2011
Product: VMware Virtual Image Editing Framework
Vendor Notified: VMware Inc.

We have discovered that the product "VMware Virtual Image Editing Framework 4.0.0 build-111735" presents a big hole with regard to DLL hijacking. The basis of this exploit is the way Python works and how it loads DLL files used by many applications: if an application loads a DLL without specifying an absolute path, Windows searches for the DLL file in a set of predefined locations.