← Advisories

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cleartext Credentials Disclosure

Medium
Advisory ID
ZSL-2020-5579
Release Date
13 August 2020
Vendor
Shenzhen Xingmeng Qihang Media Co., Ltd., Guangzhou Hefeng Automation Technology Co., Ltd. - http://www.howfor.com
Affected Version
3.0.9.0
CVE
N/A
Tested On
Microsoft Windows Server 2012 R2 Datacenter, Microsoft Windows Server 2003 Enterprise Edition, ASP.NET 4.0.30319, HowFor Web Server/5.6.0.0, Microsoft ASP.NET Web QiHang IIS Server
Summary

Digital Signage Software.

Description

The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/User/User.xml' and obtain administrative login information that allows for a successful authentication bypass attack.

Proof of Concept
qhsignage_creds.txtTXT
Disclosure Timeline
27.07.2020Vulnerability discovered.
28.07.2020Vendor contacted.
31.07.2020No response from the vendor.
10.08.2020Vendor contacted.
12.08.2020No response from the vendor.
13.08.2020Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/158859
[2]https://exchange.xforce.ibmcloud.com/vulnerabilities/186772
[3]https://cxsecurity.com/issue/WLB-2020080061
[4]https://www.exploit-db.com/exploits/48748
Changelog
13.08.2020Initial release
14.08.2020Added reference [1], [2] and [3]
18.08.2020Added reference [4]