
bestbuy.txt

Posted Aug 16, 2003
Authored by cmthemc

The Best Buy Employee Toolkit software program has a URL Parsing vulnerability in the configuration screen that could allow an attacker to hijack certain network connections or read plain-text passwords.

tags | exploit
SHA-256 | 99a147e6df46debfd1a83e1d35b47fcb2186a94abb792619a49a528fb9f01c29

Title: URL Parsing and Plain Text Password disclosure in Best Buy Employee Toolkit Software
Provided by: cm` cmthemc[at]yahoo.com
----------------
Best Buy Employee Toolkit Interactive is a software program used nationally on Best Buy terminal systems. The software gives employees the ability to check multiple systems throughout the internal network. A URL parsing vulnerability in the configuration screen could allow an attacker to launch a command shell and hijack certain network connections or read plain-text passwords.

-----------------
Impact: High
-----------------

Analysis:
-URL Parsing
By pressing CTRL+SHIFT within the Employee Toolkit software and clicking the exit button, a logged-in user is given access to the Toolkit's configuration screen. An area within the configuration screen allows a logged-in user to enter a URL. There is no bounds checking on what is entered in the URL field, and an attacker could use this to launch a local command shell or run other locally stored programs.

-Plain-text Password Disclosure
Once an attacker has a local command shell, they have access to the root directory, which holds a batch file that maps a drive on the store's central server. The batch file uses the 'net use' command to map the server's drive and contains the administrator password for the central server in plain text.
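As an added defensive example, not part of the advisory: a Python scanner that parses 'net use' lines in logon scripts such as the batch file described above, reports which mapped shares carry an inline password (and for which account), and rewrites those lines so the password token becomes '*' and net use prompts for it instead. The sample script, server, share, account and password below are constructed for the example.

```python
import re

# Constructed sample logon script modelled on the advisory's description;
# server, share, account and password are invented for this example.
SAMPLE_BAT = r"""@echo off
net use Z: \\STORE-SRV01\data S3cretPass /user:STORE\administrator /persistent:yes
net use Y: \\STORE-SRV01\reports * /user:STORE\clerk
net use Z: /delete
"""

# net use <device> \\server\share [password | *] [/user:...] [/options]
NET_USE_RE = re.compile(
    r"^\s*net\s+use\s+(?P<drive>[A-Za-z]:|\*)\s+(?P<share>\\\\\S+)(?P<rest>.*)$", re.I)

def _inline_password(tokens: list) -> bool:
    # The first token after the share is the password unless it is '*'
    # (prompt at run time) or already a /switch such as /user:.
    return bool(tokens) and tokens[0] != "*" and not tokens[0].startswith("/")

def scan_batch(text: str) -> list:
    """Return (line_no, share, user, password_inline) for every 'net use'
    line that maps a UNC share."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = NET_USE_RE.match(line)
        if m:
            rest = m.group("rest")
            user = re.search(r"/user:(\S+)", rest, re.I)
            findings.append((n, m.group("share"), user.group(1) if user else "",
                             _inline_password(rest.split())))
    return findings

def plaintext_credentials(text: str) -> list:
    """Only the lines a defender must fix: password stored in the clear."""
    return [f for f in scan_batch(text) if f[3]]

def harden(text: str) -> str:
    """Rewrite flagged lines so the password token is '*' and net use prompts."""
    out = []
    for line in text.splitlines():
        m = NET_USE_RE.match(line)
        if m and _inline_password(m.group("rest").split()):
            tokens = m.group("rest").split()
            tokens[0] = "*"
            line = f"net use {m.group('drive')} {m.group('share')} " + " ".join(tokens)
        out.append(line)
    return "\n".join(out)
```

A '*' password only works where someone is present to answer the prompt; an unattended script should instead rely on credentials stored in Windows Credential Manager, and in no case on a domain administrator account.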

By combining the URL parsing vulnerability with the plain-text password disclosure, an attacker could use telnet to log into the central server remotely as the administrator.

Finding the servers on the local area network is as easy as running the 'net view' command at the command shell. Another method is to open a page within the Employee Toolkit and press CTRL+P to bring up the printing interface; choose to print the text to a file, then click the Network button. This lists all of the computers connected to the Best Buy network.

-----------------
Vendor Status:
-----------------

05/05/2003 - Best Buy notified of vulnerability.
06/12/2003 - Best Buy coordinates with IBM to release a fix; Patch ineffective.
06/12/2003 - Best Buy notified of patch ineffectiveness; I was told the vulnerability was not a serious problem.
07/27/2003 - Best Buy notified again of vulnerability and its impact.
08/14/2003 - No Response from Best Buy.
08/14/2003 - Public Disclosure.