exploit the possibilities

BrightSign Digital Signage Diagnostic Web Server 8.2.26 Server-Side Request Forgery

BrightSign Digital Signage Diagnostic Web Server 8.2.26 Server-Side Request Forgery
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

BrightSign Digital Signage Diagnostic Web Server version 8.2.26 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit, web
MD5 | 296bf65f30621b25981d6cb6556e0e99

BrightSign Digital Signage Diagnostic Web Server 8.2.26 Server-Side Request Forgery

Change Mirror Download

BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF


Vendor: BrightSign, LLC
Product web page: https://www.brightsign.biz
Affected version: Model: XT, XD, HD, LS
Firmware / OS version: <=8.2.26


Summary: BrightSign designs media players and provides free software
and cloud networking solutions for the commercial digital signage market
worldwide, serving all vertical segments of the marketplace.

Desc: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
exists in the BrightSign digital signage media player affecting the
Diagnostic Web Server (DWS). The application parses user supplied data
in the 'url' GET parameter to construct a diagnostics request to the
Download Speed Test service. Since no validation is carried out on the
parameter, an attacker can specify an external domain and force the
application to make an HTTP request to an arbitrary destination host.
This can be used by an external attacker for example to bypass firewalls
and initiate a service and network enumeration on the internal network
through the affected application.

Tested on: roNodeJS


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2020-5595
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php


01.08.2020

--


PoC:

# curl http://10.0.0.17/speedtest?url=127.0.0.1:22
Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    28 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close