• Здраво и добредојдовте на форумот на IT.mk.

    Доколку сеуште не сте дел од најголемата заедница на ИТ професионалци и ентузијасти во Македонија, можете бесплатно да се - процесот нема да ви одземе повеќе од 2-3 минути, а за полесна регистрација овозможивме и регистрирање со Facebook и Steam.

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

  • Ја почнал/а темата
  • #1

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
686
517
www.zeroscience.mk
Код:
Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR


Vendor: Sony Electronics Inc.
Product web page: https://pro-bravia.sony.net
                  https://pro-bravia.sony.net/resources/software/bravia-signage/
                  https://pro.sony/ue_US/products/display-software
Affected version: <=1.7.8

Summary: Sony's BRAVIA Signage is an application to deliver
video and still images to Pro BRAVIAs and manage the information
via a network. Features include management of displays, power
schedule management, content playlists, scheduled delivery
management, content interrupt, and more. This cost-effective
digital signage management solution is ideal for presenting
attractive, informative visual content in retail spaces and
hotel reception areas, visitor attractions, educational and
corporate environments.

Desc: Insecure direct object references occur when an application
provides direct access to objects based on user-supplied input.
As a result of this vulnerability attackers can bypass authorization
and access the hidden '/#/content-creation' resource in the system.

Tested on: Microsoft Windows Server 2012 R2
           Ubuntu
           NodeJS
           Express


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5611
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php


20.09.2020

--


http://192.168.1.20:8080/#/content-creation

 

Нови мислења

Последни Теми

Статистика

Теми
42,736
Мислења
831,578
Членови
28,727
Најнов член
Davorsuker1
На врв Дно