NSFOCUS Provided First Time Detection on Severe Vulnerability Exposed on Web Applications
 
On January 6, 2010, a severe vulnerability (Discuz! showmessage function remote code execution) emerged in the Discuz! system, which is widely used in China. Vulnerable versions include Discuz! V7.1 and 7.2. Successful exploitation of this vulnerability could allow attackers to generate a webshell remotely and thereby execute system code. In response, the NSFOCUS Security Research Team released an emergency update for this vulnerability on January 7. With the Web Application Scanning Module of the NSFOCUS Remote Security Assessment System (NSFOCUS RSAS), any vulnerability on a Web application can be detected at the earliest opportunity after it appears, and corresponding remediation recommendations are also provided.

Since Discuz! is a very popular forum in China and the vulnerability can be exploited quite easily (by simply registering an ordinary account), an attacker who successfully exploits this vulnerability together with another one can gain control over the entire Web system and go on to penetrate the intranet. This vulnerability may therefore play into the hands of underground hackers, who might conduct Trojan-planting attacks extensively.

According to security experts from NSFOCUS, the NSFOCUS RSAS Web Application Scanning Module adopts various state-of-the-art technologies, such as simulated intelligent crawler clicking, proactive Trojan inspection, and the core scheduling engine, to provide multi-level, all-round security vulnerability scanning, auditing, and penetration testing across the network layers, operating systems and databases of Web applications, Web services and supporting systems. In addition, the module helps network administrators perform security tests before a system goes online and regularly assess system health afterwards, and helps corporate security administrators monitor and manage risks universally.
 
 
 

About NSFOCUS
NSFOCUS is a leading network security vendor in China that is devoted to network and system security research, as well as R&D, sales and service of high-level network security products. NSFOCUS is capable of providing IDS/IPS, remote assessment, DDoS prevention and other advanced products with internationally competitive advantages, and is the most experienced professional security service vendor in China.

 
  ©2010