Title: iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation
Advisory ID: ZSL-2020-5608
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation
Risk: (4/5)
Release Date: 04.11.2020

Summary

iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows.

Description

The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.

Vendor

Guangzhou Yeroo Tech Co., Ltd. - http://www.yerootech.com

Affected Version

V6.2 B2014.12.12.1220
V5.6 B2017.07.12.1757
V4.3

Tested On

Microsoft Windows XP
Microsoft Windows 7
Microsfot Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows 10
Apache Tomcat/8.0.44
Apache Tomcat/6.0.35
Apache-Coyote/1.1
Apache Axis/1.4
MySQL 5.5.25
Java 1.8.0

Vendor Status

N/A

PoC

dsspro_eop.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://exchange.xforce.ibmcloud.com/vulnerabilities/191260
[2] https://packetstormsecurity.com/files/159918
[3] https://www.exploit-db.com/exploits/48992
[4] https://cxsecurity.com/issue/WLB-2020110025

Changelog

[04.11.2020] - Initial release
[11.11.2020] - Added reference [1], [2], [3] and [4]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk