ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion

By kannthu

Critical
Vidoc Module
#ecsimagingpacs #rce
Description

This module detects a critical vulnerability in the ECSIMAGING PACS application, version 6.21.5 and below. It is designed to detect a command injection vulnerability and a local file inclusion vulnerability in that software.

Impact

The command injection vulnerability allows an attacker to execute arbitrary commands on the affected system. This can lead to unauthorized access, data leakage, and potential compromise of the entire system.

The local file inclusion vulnerability allows an attacker to include local files on the server, which can result in the disclosure of sensitive information, such as configuration files or even source code.

How the module works

The module sends an HTTP GET request to the endpoint /showfile.php?file=/etc/passwd in the ECSIMAGING PACS application. It then evaluates two matching conditions:

  1. The first matcher applies the regular expression root:.*:0:0: to the response, that is, the string "root:" followed by any characters and then ":0:0:". If this condition is met, the module considers it a positive match for the presence of the root user in the passwd file.
  2. The second matcher checks whether the HTTP response status code is 200, indicating a successful request. If this condition is met, the module considers it a positive match for the expected response.

When both matching conditions are met, the module reports the vulnerability, indicating the presence of a command injection and local file inclusion vulnerability in the ECSIMAGING PACS application. The single request in the template exercises only the file read through showfile.php; the module sends no command-execution request.
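
A defender-side counterpart to the check described above, as an added example that is not part of the Vidoc module or the vendor's code: it scans web server access logs for requests to /showfile.php whose file parameter decodes to an absolute path or a traversal sequence. The log lines are constructed, and the combined log format and the premise that legitimate requests pass bare file names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /showfile.php?file=/etc/passwd HTTP/1.1" 200 1843 "-" "scanner"
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /showfile.php?file=%2Fetc%2Fpasswd HTTP/1.1" 404 162 "-" "scanner"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /showfile.php?file=report_1234.pdf HTTP/1.1" 200 52011 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /showfile.php?file=..%2F..%2Fconfig.php HTTP/1.1" 200 311 "-" "curl/8.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_value(value):
    """Return a reason if the decoded `file` value looks like a path probe, else None."""
    if value.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", value):
        return "absolute path"
    if ".." in re.split(r"[\\/]", value):
        return "directory traversal"
    return None  # assumption: legitimate requests pass a bare file name

def find_showfile_probes(log_text):
    """Return (ip, file_value, reason, status) for each flagged /showfile.php request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/showfile.php"):
            continue
        for value in parse_qs(url.query).get("file", []):  # parse_qs percent-decodes
            reason = suspicious_value(value)
            if reason:
                hits.append((m["ip"], value, reason, int(m["status"])))
    return hits

if __name__ == "__main__":
    for ip, value, reason, status in find_showfile_probes(SAMPLE_LOG):
        note = "served (status 200), review response" if status == 200 else "not served"
        print(f"{ip} file={value!r} {reason} -> {status} {note}")
```

Hits with status 200 correspond to the module's second matching condition and are the ones to triage first.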

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /showfile.php?file=/...
Matching conditions
regex: root:.*:0:0: and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability