| Titel | ZKteco biotime 9.0.1 Exposure of Access Control List Files to an Unauthorized Control |
|---|
| Beschreibung | Vendor of Product: Biotime
Version: 9.0.1
Description:
There is a vulnerability that allows unauthorized access to sensitive images without proper security permissions. This issue arises when a site administrator adds a user or an employee captures their picture. Consequently, an attacker can view all images by guessing the image URLs, effectively circumventing security measures.
Vulnerability Details:
The vulnerability can be exploited by performing a brute force attack on the image URLs. For example, by accessing the following URL pattern:
bash
Copy code
http://time.xmzkteco.com:8097/auth_files/photo/*
An attacker can brute-force the image names, trying variations such as name.jpg with numbers from 0 to 1000 or more, leading to access to images like:
bash
Copy code
http://time.xmzkteco.com:8097/auth_files/photo/109.jpg
This allows an attacker to retrieve all images stored on the server.
Proof of Concept (PoC):
Using the URL pattern mentioned above, an attacker can sequentially access image files without authentication.
Dorks:
Shodan query:
http.title:"biotime"
Reported by: CyberSecurity Center - MOI Iraq |
|---|
| Quelle | ⚠️ https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1 |
|---|
| Benutzer | Cybersecurity Center - MOI Iraq (UID 76965) |
|---|
| Einreichung | 31.10.2024 17:58 (vor 2 Jahren) |
|---|
| Moderieren | 09.11.2024 11:21 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 283662 [ZKTeco ZKBio Time 9.0.1 Image File /auth_files/photo/ erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|