Source: exploitpack
Author: JunYeong Ko
ID: EXPLOITPACK:852BB3F148627AD52F5F5BB0377EFFED
Published: Jan 07, 2020 - 12:00 a.m.

piSignage 2.6.4 - Directory Traversal


EPSS: 0.029 (Low), percentile 90.8%

# Exploit Title: piSignage 2.6.4 - Directory Traversal
# Date: 2019-11-13
# Exploit Author: JunYeong Ko
# Vendor Homepage: https://pisignage.com/
# Version:  piSignage before 2.6.4
# Tested on: piSignage before 2.6.4
# CVE : CVE-2019-20354

Summary:
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.

PoC:
1. Click the Log Download button at the bottom of the 'piSignage' administration page.
2. An HTTP packet is sent when the button is pressed.
3. Change the value of the 'file' parameter to ../../../../../../../../../../etc/passwd.
4. You can see that the /etc/passwd file is read.
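
A server-side containment check for the 'file' parameter described above, as an added example that is not piSignage's own code or its actual fix. LOG_DIR and resolveLogPath are hypothetical names, and the log directory path is an assumption.

```javascript
// Added example (not piSignage code): confine a user-supplied log file name
// to a single directory before the download handler opens it.
const path = require('node:path');

// Assumed log directory; the advisory does not name the real one.
const LOG_DIR = '/var/log/player-logs';

// Returns the absolute path to serve, or null if the request must be rejected.
// `requested` is the already URL-decoded value of the 'file' query parameter.
function resolveLogPath(requested, baseDir = LOG_DIR) {
  if (typeof requested !== 'string' || requested.length === 0) return null;
  // A NUL byte never belongs in a file name.
  if (requested.includes('\0')) return null;

  const base = path.resolve(baseDir);
  // resolve() collapses every '.' and '..' segment, and an absolute
  // `requested` replaces `base` entirely, so both cases show up below.
  const candidate = path.resolve(base, requested);

  // relative() is '..' or starts with '../' when candidate is outside base.
  const rel = path.relative(base, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // rel === '' means the directory itself was requested, not a file in it.
  if (rel === '' || escapes) return null;

  return candidate;
}

// Constructed sample inputs, including the value from step 3 of the PoC.
const samples = [
  'forever.log',
  'archive/../forever.log',
  '../../../../../../../../../../etc/passwd',
  '/etc/passwd',
  '..',
];
for (const s of samples) {
  const resolved = resolveLogPath(s);
  console.log(JSON.stringify(s), '->', resolved === null ? 'REJECT' : resolved);
}
```

The check is lexical only: if the log directory can contain symbolic links, compare the result of fs.realpath on the candidate against the real base directory before opening the file.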

References:
https://github.com/colloqi/piSignage/issues/97
