HackDig : Dig high-quality web security articles

Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)

2020-08-20 18:59
Title: Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)
Advisory ID: ZSL-2020-5586
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (5/5)
Release Date: 21.08.2020
Summary
EIBIZ develop advertising platform for out of home media in thattime the world called "Digital Signage". Because most business customersstill need get outside to get in touch which products and services. Onlinemedia alone cannot serve them right place, right time.
Description
The application suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
Vendor
EIBIZ Co.,Ltd. - http://www.eibiz.co.th
Affected Version
<=3.8.0
Tested On
Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application
Vendor Status
[26.07.2020] Vulnerability discovered.
[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.
PoC
imediasignage_addadmin.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[21.08.2020] - Initial release
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: php.6855-0202-LSZ/seitilibarenluv/ne/km.ecneicsorez.www

Read:1596 | Comments:0 | Tags:No Tag

“Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3