Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Title: Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Advisory ID: ZSL-2020-5583
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 21.08.2020
Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application
[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.
[2] https://packetstormsecurity.com/files/158941
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/187181
[4] https://cxsecurity.com/issue/WLB-2020080118
[19.09.2020] - Added reference [1], [2], [3] and [4]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2020-5583
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 21.08.2020
Summary
EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time.Description
i-Media Server is vulnerable to unauthenticated configuration disclosure when direct object reference is made to the SiteConfig.properties file using an HTTP GET method. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.Vendor
EIBIZ Co.,Ltd. - http://www.eibiz.co.thAffected Version
<=3.8.0Tested On
Windows Server 2016Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application
Vendor Status
[26.07.2020] Vulnerability discovered.[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.
PoC
imediasignage_config.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/48764[2] https://packetstormsecurity.com/files/158941
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/187181
[4] https://cxsecurity.com/issue/WLB-2020080118
Changelog
[21.08.2020] - Initial release[19.09.2020] - Added reference [1], [2], [3] and [4]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk