VideoFlow Digital Video Protection DVP Directory Traversal Vulnerability Allowing Arbitrary File Disclosure

Vulnerability

A directory traversal vulnerability has been identified in VideoFlow Digital Video Protection (DVP) version 2.10. This vulnerability allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences into the 'ID' parameter. The issue arises in several Perl scripts, including downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, and downloadFile.pl. Exploitation of this vulnerability enables access to sensitive system files, such as /etc/passwd.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of arbitrary files, including sensitive system files like /etc/passwd.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to one of the affected Perl scripts, such as downloadsys.pl, with a crafted 'ID' parameter that includes directory traversal sequences. This request can be made using a tool like curl, including the necessary session cookie to authenticate the request. The server will respond with the contents of the requested file, bypassing normal file access restrictions.
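A detection sketch for the request pattern described above, added here as an example (it is not code from VideoFlow or from the advisory): it scans web access log lines for requests to the five listed scripts whose 'ID' parameter contains dot-dot path segments, including URL-encoded forms. Assumptions: a combined-format access log, 'ID' carried in the query string (an 'ID' sent in a POST body would not appear in such a log), and "/PLACEHOLDER/" standing in for the real script directory, which the advisory does not give.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script names listed in the advisory.
AFFECTED = {"downloadsys.pl", "download_xml.pl", "download.pl",
            "downloadmib.pl", "downloadFile.pl"}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested URL encoding (e.g. %252e) so an encoded dot-dot is visible."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is '..'."""
    norm = decode_fully(value).replace("\\", "/")
    return ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Return (script, decoded ID) for affected-script hits with traversal."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in AFFECTED:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("ID", []):
            if is_traversal(value):
                hits.append((script, decode_fully(value)))
    return hits

# Constructed sample lines; addresses, timestamps and file names are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /PLACEHOLDER/downloadsys.pl?ID=backup.cfg HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2026:10:02:11 +0000] "GET /PLACEHOLDER/downloadsys.pl?ID=../../../etc/passwd HTTP/1.1" 200 1873',
    '192.0.2.44 - - [01/Jan/2026:10:02:40 +0000] "GET /PLACEHOLDER/download_xml.pl?ID=%252e%252e%2f%252e%252e%2fetc%2fpasswd HTTP/1.1" 200 1873',
    '192.0.2.10 - - [01/Jan/2026:10:05:00 +0000] "GET /PLACEHOLDER/status.pl?ID=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for script, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: ID={value}")
```

A hit with a 200 status and a response size that matches a system file is worth correlating with the session that made the request, since the advisory states the attacker must be authenticated.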

Added: Apr 29, 2026, 8:27 PM
Updated: Apr 29, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.