Tuesday, October 30, 2007

Detecting BroadVision Applications. Are they secure?

Are proprietary applications secure? Well, I guess yes and no. Security researchers are constantly looking for flaws in those applications, and only if a bug is reported will the company take action to secure its loopholes. I am currently auditing a BroadVision application and what a surprise I got from my results. I am not supposed to reveal anything, but let me tell you, for a critical application like this, I am not sure if the customer is using an old version of BroadVision or if input was simply not checked for sanitization. I could basically do pretty much anything I wanted with that application and create havoc. Too bad I can't show anything here, but trust me, if you get a chance to audit a BroadVision application, you will be surprised by the kind of flaws you find. It's basically like opening a can of worms, waiting for someone to feed on it.

Well, at first I wasn't sure it was a BroadVision application, but after some research and observation of the HTTP headers, this is what I got:

POST http://example.com/bvsn/bvcom/en/server/whereto.jsp?BV_SessionID=NNNN1809204881.10923774158NNNN&BV_EngineID=nnndaoplghjkiihcfklcfkmdgohdgih.0&BV_UseBVCookie=yes HTTP/1.0

The killer signature here is the parameter names BV_SessionID and BV_EngineID. If you see these anywhere in a URL or in an HTTP header, you have more or less nailed down a BroadVision application. There are other indicators as well, such as checking for the .do extension, but that wasn't seen during this audit. Google for those two parameter names and you will see what I mean. I am signing off here and going back for another round of the audit. I am going to pretty much cripple the whole application this time round.
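A small added example (not code from the original post) that turns the signature described above into a detection check a defender could run over web-server or proxy logs to inventory BroadVision applications: it parses the request line, looks for the BV_* parameter names, notes the weaker .do hint, and flags a session identifier carried in the query string. The sample request lines are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Query-string parameter names the post identifies as the BroadVision signature.
BV_SIGNATURE_PARAMS = ("BV_SessionID", "BV_EngineID", "BV_UseBVCookie")

# Constructed sample request lines (not real traffic); the first mirrors the
# shape of the request line quoted in the post, with placeholder values.
SAMPLE_REQUEST_LINES = [
    "POST http://example.com/bvsn/bvcom/en/server/whereto.jsp"
    "?BV_SessionID=NNNN0000000000.0000000000NNNN&BV_EngineID=nnnexampleengine.0"
    "&BV_UseBVCookie=yes HTTP/1.0",
    "GET /catalog/search.do?q=shoes HTTP/1.1",
    "GET /index.html HTTP/1.1",
]


def fingerprint_request_line(line):
    """Return evidence that a request line targets a BroadVision application.

    'broadvision' is True only when one of the BV_* parameters is present;
    'dot_do' records the weaker .do-extension hint the post mentions;
    'session_in_url' flags a session identifier in the query string, which
    ends up in proxy logs, browser history and Referer headers.
    """
    parts = line.split()
    target = parts[1] if len(parts) >= 2 else parts[0]
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    matched = [p for p in BV_SIGNATURE_PARAMS if p in params]
    return {
        "broadvision": bool(matched),
        "matched_params": matched,
        "dot_do": url.path.endswith(".do"),
        "session_in_url": "BV_SessionID" in params,
    }


def scan_request_lines(lines):
    """Fingerprint every request line; return (line, result) for BroadVision hits."""
    hits = []
    for line in lines:
        result = fingerprint_request_line(line)
        if result["broadvision"]:
            hits.append((line, result))
    return hits


if __name__ == "__main__":
    for line, result in scan_request_lines(SAMPLE_REQUEST_LINES):
        print(result["matched_params"], "session in URL:", result["session_in_url"])
```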

The Hacka Man

10 comments:

euronymous said...

Great post Ronald...
I'm really enthusiastic about your blog... I discovered it recently :) Anyway, I'm going to pen test a broadcast application written in PHP and 90% ActionScript, so I think I will have fun :)

From now on I will keep in touch with your blog thanks to Atom :)

Good pen test, man!

Anonymous said...

Thank you.

By the way, who is this? Care to leave your blog or details down here? Anyway, I want to show the exploits, but I can't, so I guess I have to keep them to myself.

hackathology

euronymous said...

I'm just a young security enthusiast and student :) I'm opening my blog right now...
I just think that the best way to learn advanced techniques is from the best on the scene... you, dafydd, pinto, rsnake, and so on (sorry if I've forgotten someone :))

euronymous ** from a foggy Italy
