EasyCafe Server Remote File Disclosure Vulnerability

A remote file disclosure vulnerability has been identified in EasyCafe Server versions through 2.2.14. This vulnerability allows unauthenticated remote attackers to access arbitrary files by absolute path via TCP port 831. The server uses a custom protocol, and attackers can exploit this flaw by sending a request with opcode 0x43. If the requested file exists and is accessible, its contents are returned without any authentication. This vulnerability could be used to retrieve sensitive files such as system configuration, password files, or application data.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive files on the server, including system configurations and application data.

Reproduction

The vulnerability can be reproduced by sending a TCP packet to port 831 with opcode 0x43, followed by the absolute path of the file to be accessed. The server will respond with the file's contents if the file exists and is accessible. This vulnerability has been successfully tested on EasyCafe Server 2.2.14 in both Trial and Demo modes, on Windows XP SP3 and Windows 7 SP1.