Title: Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Advisory ID: ZSL-2020-5583
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 21.08.2020

Summary

EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time.

Description

i-Media Server is vulnerable to unauthenticated configuration disclosure when direct object reference is made to the SiteConfig.properties file using an HTTP GET method. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.

Vendor

EIBIZ Co.,Ltd. - http://www.eibiz.co.th

Affected Version

<=3.8.0

Tested On

Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application

Vendor Status

[26.07.2020] Vulnerability discovered.
[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.

PoC

imediasignage_config.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://www.exploit-db.com/exploits/48764
[2] https://packetstormsecurity.com/files/158941
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/187181
[4] https://cxsecurity.com/issue/WLB-2020080118

Changelog

[21.08.2020] - Initial release
[19.09.2020] - Added reference [1], [2], [3] and [4]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk