HackDig : Dig high-quality web security articles

Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal

2020-08-20 18:59
Title: Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal
Advisory ID: ZSL-2020-5585
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 21.08.2020
Summary
EIBIZ develop advertising platform for out of home media in thattime the world called "Digital Signage". Because most business customersstill need get outside to get in touch which products and services. Onlinemedia alone cannot serve them right place, right time.
Description
i-Media Server is affected by a directory traversal vulnerability. Anunauthenticated remote attacker can exploit this to view the contents offiles located outside of the server's root directory. The issue can betriggered through the 'oldfile' GET parametery.
Vendor
EIBIZ Co.,Ltd. - http://www.eibiz.co.th
Affected Version
<=3.8.0
Tested On
Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application
Vendor Status
[26.07.2020] Vulnerability discovered.
[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.
PoC
imediasignage_lfi.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[21.08.2020] - Initial release
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: php.5855-0202-LSZ/seitilibarenluv/ne/km.ecneicsorez.www

Read:1420 | Comments:0 | Tags:No Tag

“Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3