QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary File Disclosure

What is the "QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary File Disclosure?"

The "QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary File Disclosure" module is designed to detect a vulnerability in the QiHang Media Web application. This vulnerability allows an attacker to disclose arbitrary files without authentication. The severity of this vulnerability is classified as high.

This module was authored by gy741.

Impact

If successfully exploited, this vulnerability can lead to the unauthorized disclosure of sensitive files on the target system. This can potentially expose confidential information and compromise the security of the application and its users.

How the module works?

The module works by sending a specific HTTP request to the target system. The request includes the "responderId" and "fileName" parameters, which are used to trigger the vulnerability. The module then checks the response for specific conditions to determine if the vulnerability is present.

Here is an example of the HTTP request:

GET /QH.aspx?responderId=ResourceNewResponder&action=download&fileName=.%2fQH.aspx HTTP/1.1
Host: {%Hostname%}
Connection: close

The module uses several matching conditions to identify the vulnerability:

- The response header must contain the words "filename=QH.aspx" and "application/zip". - The response body must contain the words "QH.aspx.cs" and "QiHang.Media.Web.QH". - The response status code must be 200.

If all of these conditions are met, the module reports the vulnerability.