Home / exploits ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0_R_230 Platform: 3.0.1.0_R_230 Personnel: 1.0.1.0_R_1916 Access: 6.0.1.0_R_1757 Elevator: 2.0.1.0_R_777 Visitor: 2.0.1.0_R_877 Video:2.0.1.0_R_489 Adms: 1.0.1.0_R_197 Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identification and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced solution for a whole new user experience. Desc: File path manipulation vulnerabilities arise when user-controllable data is placed into a file or URL path that is used on the server to access local resources, which may be within or outside the web root. An attacker can modify the file path to access different resources, which may contain sensitive information. Even where an attack is constrained within the web root, it is often possible to retrieve items that are normally protected from direct access, such as application configuration files, the source code for server-executable scripts, or files with extensions that the web server is not configured to serve directly. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Microsoft Windows 7 Professional SP1 (EN) Apache-Coyote/1.1 Apache Tomcat/7.0.56 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2016-5365 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php 18.07.2016 -- http://127.0.0.1:8088/baseAction!getPageXML.action?xmlPath=/vid/../WEB-INF/web.xml </BODY></HTML>