Lucene search
JunYeong Ko1337DAY-ID-33742HistoryJan 08, 2020 - 12:00 a.m.
piSignage 2.6.4 - Directory Traversal Vulnerability
2020-01-0800:00:00
JunYeong Ko
0day.today
42
0.029 Low
EPSS
Percentile
90.8%
Exploit for hardware platform in category web applications
# Exploit Title: piSignage 2.6.4 - Directory Traversal
# Exploit Author: JunYeong Ko
# Vendor Homepage: https://pisignage.com/
# Version: piSignage before 2.6.4
# Tested on: piSignage before 2.6.4
# CVE : CVE-2019-20354
Summary:
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
PoC:
1. Click the Log Download button at the bottom of the 'piSignage' administration page.
2. HTTP Packet is sent when the button is pressed.
3. Change the value of 'file' parameter to ../../../../../../../../../../etc/passwd.
4. You can see that the /etc/passwd file is read.
References:
https://github.com/colloqi/piSignage/issues/97
# 0day.today [2020-01-19] #Related
exploitpack
exploitpack
piSignage 2.6.4 - Directory Traversal
2020-01-07 00:00:00
cvelist
cvelist
CVE-2019-20354
2020-01-06 05:53:46
packetstorm
packetstorm
piSignage 2.6.4 Directory Traversal
2020-01-07 00:00:00
prion
prion
Path traversal
2020-01-06 06:15:00
cve
cve
CVE-2019-20354
2020-01-06 06:15:10
nvd
nvd
CVE-2019-20354
2020-01-06 06:15:10
exploitdb
exploitdb
piSignage 2.6.4 - Directory Traversal
2020-01-07 00:00:00