← Advisories

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability

Medium
Advisory ID
ZSL-2020-5581
Release Date
13 August 2020
Vendor
Shenzhen Xingmeng Qihang Media Co., Ltd., Guangzhou Hefeng Automation Technology Co., Ltd. - http://www.howfor.com
Affected Version
3.0.9.0
CVE
N/A
Tested On
Microsoft Windows Server 2012 R2 Datacenter, Microsoft Windows Server 2003 Enterprise Edition, ASP.NET 4.0.30319, HowFor Web Server/5.6.0.0, Microsoft ASP.NET Web QiHang IIS Server
Summary

Digital Signage Software.

Description

The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the 'filename' parameter when using the download action or thru 'path' parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.

Proof of Concept
qhsignage_lfi.txtTXT
Disclosure Timeline
27.07.2020Vulnerability discovered.
28.07.2020Vendor contacted.
31.07.2020No response from the vendor.
10.08.2020Vendor contacted.
12.08.2020No response from the vendor.
13.08.2020Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/158861
[2]https://cxsecurity.com/issue/WLB-2020080062
[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/186773
[4]https://www.exploit-db.com/exploits/48750
Changelog
13.08.2020Initial release
14.08.2020Added reference [1], [2] and [3]
18.08.2020Added reference [4]