
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF

2020-09-30 16:40
Title: BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
Advisory ID: ZSL-2020-5595
Type: Local/Remote
Impact: Exposure of System Information
Risk: (3/5)
Release Date: 30.09.2020
Summary
BrightSign designs media players and provides free software and cloud networking solutions for the commercial digital signage market worldwide, serving all vertical segments of the marketplace.
Description
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the BrightSign digital signage media player, affecting the Diagnostic Web Server (DWS). The application takes user-supplied data from the 'url' GET parameter and uses it to construct a diagnostics request to the Download Speed Test service. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. An external attacker can use this, for example, to bypass firewalls and perform service and network enumeration of the internal network through the affected application.
Vendor
BrightSign, LLC - https://www.brightsign.biz
Affected Version
Model: XT, XD, HD, LS
Firmware / OS version: <=8.2.26
Tested On
roNodeJS
Vendor Status
[01.08.2020] Vulnerability discovered.
[01.08.2020] Vendor contacted.
[16.09.2020] No response from the vendor.
[17.09.2020] Vendor contacted.
[29.09.2020] No response from the vendor.
[30.09.2020] Public security advisory released.
PoC
brightsign_ssrf.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[30.09.2020] - Initial release
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php
