Path Traversal vulnerability #97
Comments
Thanks, will sandbox the content. Since it happens after login, there is one level of check if you secure the webUI or disable it altogether as of now.
Thank you for your answer. Are you saying it's not a vulnerability? Does this not apply to the next patch?
Yes and no. If the password is known, piShell is a more dangerous place :) The best way is to either block the webUI in such cases using server settings or change the password. However, we will fix this vulnerability (it is) in the next release.
Fixed in 2.6.4
Describe the bug
Suggested description of the vulnerability: A path traversal vulnerability in the web application component of piSignage 2.6 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi.
Attack vector(s)
1. Click the Log Download button at the bottom of the 'piSignage' administration page.
2. An HTTP packet is sent when the button is pressed.
3. Change the value of the 'file' parameter to ../../../../../../../../../../etc/passwd
4. You can see that the /etc/passwd file is read.
Affected URL/API(s)
URL: /api/settings/log
Parameter: file
Environment