Lucene search
JunYeong KoPACKETSTORM:155864HistoryJan 07, 2020 - 12:00 a.m.
piSignage 2.6.4 Directory Traversal
2020-01-0700:00:00
JunYeong Ko
packetstormsecurity.com
92
0.029 Low
EPSS
Percentile
90.8%
`# Exploit Title: piSignage 2.6.4 - Directory Traversal
# Date: 2019-11-13
# Exploit Author: JunYeong Ko
# Vendor Homepage: https://pisignage.com/
# Version: piSignage before 2.6.4
# Tested on: piSignage before 2.6.4
# CVE : CVE-2019-20354
Summary:
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
PoC:
1. Click the Log Download button at the bottom of the 'piSignage' administration page.
2. HTTP Packet is sent when the button is pressed.
3. Change the value of 'file' parameter to ../../../../../../../../../../etc/passwd.
4. You can see that the /etc/passwd file is read.
References:
https://github.com/colloqi/piSignage/issues/97
`
Related
prion
prion
Path traversal
2020-01-06 06:15:00
exploitpack
exploitpack
piSignage 2.6.4 - Directory Traversal
2020-01-07 00:00:00
cvelist
cvelist
CVE-2019-20354
2020-01-06 05:53:46
cve
cve
CVE-2019-20354
2020-01-06 06:15:10
zdt
zdt
piSignage 2.6.4 - Directory Traversal Vulnerability
2020-01-08 00:00:00
nvd
nvd
CVE-2019-20354
2020-01-06 06:15:10
exploitdb
exploitdb
piSignage 2.6.4 - Directory Traversal
2020-01-07 00:00:00