Twonky Server is media server software that streams multimedia content over the DLNA/UPnP protocols. When it is exposed to the internet or an untrusted network without authentication or access restrictions, unauthorized users may be able to browse and access media files, interact with server settings, or gather sensitive information about the network.
PoC code [publicly available]
id: twonky-server-exposure

info:
  name: Twonky Server - Exposure
  author: DhiyaneshDk
  severity: high
  description: |
    Twonky Server is a media server software that allows streaming of multimedia content over DLNA/UPnP protocols. When exposed to the internet or an untrusted network without proper authentication or access restrictions, it may allow unauthorized users to browse and access media files, interact with server settings, or gather sensitive network information.
  reference:
    - https://lynxtechnology.com/twonky-server.html
    - https://download.twonky.com/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-915768386
  tags: twonky,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, '<title>TwonkyMedia</title>','Settings')"
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502204c70ea857f08f55e419a7a497f09223e384b21a8864bb99194855bf96abb4018022100e13446309f28456266d3c833222d7d5479d2ff1c4cdac4b99c2f1eb87d58f44d:922c64590222798bb761d5b6d8e72950
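To confirm the same condition on hosts you administer without running nuclei, here is an added Python example (not part of this page or the nuclei project) that evaluates the template's two DSL expressions, `contains_all(...)` and `status_code == 200`, joined with `condition: and`, against an HTTP response. The sample response bodies are constructed, and `check_url` is an assumed helper name.

```python
import re
import urllib.error
import urllib.request

# The two DSL expressions from the template above, copied verbatim.
TEMPLATE_DSL = [
    "contains_all(body, '<title>TwonkyMedia</title>','Settings')",
    "status_code == 200",
]

# Constructed sample responses (not captured from any real host).
SAMPLE_EXPOSED_BODY = ("<html><head><title>TwonkyMedia</title></head>"
                       "<body><a href='/config'>Settings</a></body></html>")
SAMPLE_LOGIN_BODY = ("<html><head><title>TwonkyMedia</title></head>"
                     "<body>Please sign in</body></html>")

_CONTAINS_ALL = re.compile(r"^contains_all\(body,\s*(.*)\)$")
_STATUS_EQ = re.compile(r"^status_code\s*==\s*(\d+)$")


def eval_expr(expr, status_code, body):
    """Evaluate one DSL expression; only the two forms this template uses are
    supported, and anything else raises rather than silently counting as a miss."""
    expr = expr.strip()
    m = _CONTAINS_ALL.match(expr)
    if m:
        needles = re.findall(r"'([^']*)'", m.group(1))
        return all(n in body for n in needles)
    m = _STATUS_EQ.match(expr)
    if m:
        return status_code == int(m.group(1))
    raise ValueError(f"unsupported DSL expression: {expr}")


def is_exposed(status_code, body, dsl=TEMPLATE_DSL):
    """condition: and -> every expression in the list must hold."""
    return all(eval_expr(e, status_code, body) for e in dsl)


def check_url(url, timeout=5):
    """Fetch the base URL of a host you administer and apply the matchers."""
    req = urllib.request.Request(url, headers={"User-Agent": "twonky-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return is_exposed(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # non-2xx still yields a body to test
        return is_exposed(e.code, e.read().decode("utf-8", "replace"))
```

A match means the Twonky web UI, including its Settings page, is reachable unauthenticated from wherever the check ran; the fix is to bind the server to the LAN or put it behind authentication, then re-run the check.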