Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Posted by deepcore on December 4, 2020 – 11:45 pm

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content though the input URL material of type html. This allows hijacking of the current session of the user, execute cross-site scripting code, or changing the look of the page and content modification on current display.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« IDT PC Audio 1.0.6499.0 Unquoted Service Path Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL