PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal Vulnerability

ID 1337DAY-ID-29651
Type zdt
Reporter Carlos Avila
Modified 2018-01-28T00:00:00


Exploit for php platform in category web applications

                                            # Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal / Local File Inclusion
# Software Link:
# Google Dork: inurl:pacs/login.php inurl:pacsone/login.php     inurl:pacsone filetype:php home     inurl:pacsone filetype:php login
# Version: PACSOne Server 6.6.2
# Category: webapps
# Tested on: Windows 7 / Debian Linux
# Exploit Author: Carlos Avila
# Contact:
1. Description
DICOM Web Viewer is a component written in PHP that is part of PacsOne software. In version 6.6.2, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required.
The 'path' parameter via GET is vulnerable.
Found: 08/14/2017
Vendor Reply & Fix: 09/28/2017
2. Proof of Concept
3. Solution:
Application inputs must be validated correctly.

# [2018-02-06]  #