Tag Archives: Remote Code

Tienda-Online-Economica & XSS Allow Execute Evil Remote Code

Author(s): Ivan Sanchez
Product: Tienda online economica
Url vendor: http://www.tienda-online-economica.com
Date: 11/08/2013
Vendor Notified: 10/08/2013
Extract:

At Tienda Online Económica we offer everything you need to have your online store ready to sell on the internet in just 3 weeks.
In addition, with Tienda Online Económica you will have a unique, personalized design for your online store, made for selling your products
and services on the Internet.
Exploitation Parameter and Function:

http://DOMAIN/es/search/0

Parameter Affected:
q= XSS

Function Affected:
<form id="frm-search" action="http://www.site.com/es/search/0" class="grid_2 alpha omega" method="post">
<input id="q" name="q" type="text" value="<!-- HTML codes by Nullcode Team --> <marquee behavior="scroll" direction="left" scrollamount="10">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="40">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="50">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="60">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="70">Nullcode Team.</marquee>" />

Remediation:
Sanitize all parameters
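
What that remediation means for the q field, as an added example that is not the vendor's code or part of the original advisory: the value is encoded for the attribute context before it is written into the form, and an HTML parser confirms that no extra element appears. The rendering functions are hypothetical stand-ins for the shop's template, and the payload is a shortened copy of the markup shown above.

```python
from html import escape
from html.parser import HTMLParser

# Constructed input: a shortened copy of the markup shown in the advisory.
PAYLOAD = ('<!-- HTML codes by Nullcode Team --> '
           '<marquee behavior="scroll" direction="left" scrollamount="10">'
           'Nullcode Team.</marquee> '
           '<marquee behavior="scroll" direction="left" scrollamount="40">'
           'Nullcode Team.</marquee>')

# Hypothetical template modelled on the form quoted in the advisory.
FORM = ('<form id="frm-search" action="http://www.site.com/es/search/0" '
        'method="post"><input id="q" name="q" type="text" value="{q}" /></form>')


def render_vulnerable(q):
    """Behaviour reported in the advisory: q is echoed back unencoded."""
    return FORM.format(q=q)


def render_hardened(q):
    """Encode for the attribute context: & < > " ' all become entities."""
    return FORM.format(q=escape(q, quote=True))


class _Audit(HTMLParser):
    """Records every element the parser sees and the value of input#q."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.q_value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and dict(attrs).get("id") == "q":
            self.q_value = dict(attrs).get("value")


def audit(markup):
    """Return (elements seen, value of the q field) for rendered markup."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.q_value


if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        tags, value = audit(render(PAYLOAD))
        print(render.__name__, tags, value == PAYLOAD)
```

In the hardened rendering the field still carries the submitted text unchanged, so encoding at output loses no data.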

Software Gestión GESIO XSS Allow Execute Evil Remote Code

Author(s): Ivan Sanchez & Raul Diaz
Contact Us: security@evilcode.com.ar
Version: GESIO CM Tienda Online
Date: 18/04/2013
Product: GESIO CM
Vendor: Notified

The PoC will be posted shortly.

GOOGLE DORKS:
allintext:POLÍTICA DE PROTECCIÓN DE DATOS -Software Gestión GESIO®
inurl:cms/site_0003

Microsoft Windows – Tipskins.dll Malformed HTML Null Pointer Dereference Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Windows Tipskins.dll
Date: 13/10/2011
Product: Microsoft Windows Vista/Seven Tipskins.dll
Vendor: Notified
Internal Id: MSRC 11642

We have discovered that the product “Microsoft Windows Vista/Seven Tipskins.dll” is vulnerable to a remote NULL pointer dereference, which crashes the application when specially crafted code is run.

IBM.com – DevelopersForum.nsf – Cross-site Scripting/Remote Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: www.ibm.com
Date: 26/08/2011
Product: www.ibm.com/lotus/symphony/developersForum.nsf

We have discovered that the product “IBM Corporation” is vulnerable to Cross-site Scripting/Remote Execution Code attacks.

Real Player 14 – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Real Player 14
Date: 25/08/2011
Product: Realplayer
Vendor: Notified


We have discovered that the product “Real Player 14” is vulnerable to DLL hijacking. The basis of this exploit is the way in which Real Player works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will search for the DLL file in a set of predefined locations. This can be, and is being, abused.

ArcSoft PhotoImpression – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: PhotoImpression 6
Date: 20/08/2011
Product: PhotoImpression/ CheckUpdate.exe
Vendor: ArcSoft


We have discovered that the product “ArcSoft / CheckUpdate.exe” is vulnerable to DLL hijacking. The basis of this exploit is the way in which ArcSoft works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will search for the DLL file in a set of predefined locations. This can be, and is being, abused.

IBM-LOTUS.com – lswiki.nsf – XSS/Remote Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: www.ibm.com
Date: 18/08/2011
Product: www-10.lotus.com

We have discovered that the product “IBM /Lotus Corporation” is vulnerable to Cross-site Scripting/Remote Execution Code attacks.


SUN Jucheck.exe – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Oracle Corporation
Date: 17/08/2011
Product: Java update
Vendor: Notified
BugId: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7080023

We have discovered that the product “Java/Jucheck.exe” is vulnerable to DLL hijacking. The basis of this exploit is the way in which Jucheck works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will search for the DLL file in a set of predefined locations. This can be, and is being, abused.

Pythonw Warnings.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” is vulnerable to DLL hijacking. The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will search for the DLL file in a set of predefined locations. This can be, and is being, abused.

Pythonw Types.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” is vulnerable to DLL hijacking. The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will search for the DLL file in a set of predefined locations. This can be, and is being, abused.
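
An audit model for the search behaviour described in the untrusted library loading advisories above (Real Player, ArcSoft, Jucheck and the two Pythonw entries), as an added example that is not from the original advisories or any vendor. It models only the documented standard search order for a DLL requested by bare name; the host layout, paths and function names are constructed assumptions.

```python
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


def search_order(app_dir, cwd, path_dirs, safe_mode=True, system32_only=False):
    """Directories probed, in order, for a DLL requested by bare name.

    Models the documented standard order only; KnownDLLs, already-loaded
    modules and manifest redirection are left out.
    """
    if system32_only:          # models a load made with LOAD_LIBRARY_SEARCH_SYSTEM32
        return [SYSTEM_DIRS[0]]
    middle = SYSTEM_DIRS + [cwd] if safe_mode else [cwd] + SYSTEM_DIRS
    ordered, seen = [], set()
    for d in [app_dir] + middle + list(path_dirs):
        if d.lower() not in seen:
            seen.add(d.lower())
            ordered.append(d)
    return ordered


def audit_load(dll, order, files, user_writable):
    """Return (directory that satisfies the load, writable dirs probed first)."""
    exposed = []
    writable = {d.lower() for d in user_writable}
    for d in order:
        if dll.lower() in files.get(d.lower(), set()):
            return d, exposed
        if d.lower() in writable:
            exposed.append(d)
    return None, exposed


# Constructed host layout; every path and file set below is an assumption.
APP, CWD = r"C:\Program Files\Example", r"C:\Users\alice\Downloads"
FILES = {r"c:\windows\system32": {"version.dll"}}
WRITABLE = [CWD]

if __name__ == "__main__":
    for label, kw in [("legacy", {"safe_mode": False}), ("safe", {}),
                      ("system32 only", {"system32_only": True})]:
        order = search_order(APP, CWD, [], **kw)
        for dll in ("version.dll", "warnings.dll"):
            print(label, dll, audit_load(dll, order, files=FILES,
                                         user_writable=WRITABLE))
```

The safe search mode only protects names that exist in a system directory; a name that exists nowhere still falls through to the current directory, which is why the fix is an absolute path or a restricted search rather than the search mode alone.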