By kannthu
The "PACSOne Server 6.6.2 - Local File Inclusion" module is designed to detect a vulnerability in the PACSOne Server 6.6.2 software. This vulnerability allows for local file inclusion through its integrated DICOM Web Viewer. The severity of this vulnerability is classified as high, with a CVSS score of 7.5. The module was authored by 0x_Akoko.
If exploited, this vulnerability could allow an attacker to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
The module sends an HTTP GET request to the "/pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd" path. This request attempts to traverse the file system and access the "/etc/passwd" file. The module then applies two matching conditions:
If both conditions are met, the module reports a vulnerability.
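When reviewing web-server logs for this request, decode and normalise the path parameter rather than searching for a literal "etc/passwd", because the "./zpx/../" padding in the request defeats that search. The following Python code is an added example, not part of the Vidoc module or the referenced advisory; the log lines are constructed, and BASE is an assumed placeholder for the directory nocache.php serves from.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /pacsone/nocache.php?path='
    '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd'
    ' HTTP/1.1" 200 1024',
    '198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /pacsone/nocache.php?path='
    'images%2fstudy1.jpg HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /pacsone/nocache.php?path='
    '%252e%252e%252fetc%252fhosts HTTP/1.1" 404 0',
    '198.51.100.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
BASE = "/webroot"  # assumed placeholder for the directory nocache.php serves from

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return details of a nocache.php request, or None for any other line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/nocache.php"):
        return None
    raw = parse_qs(url.query).get("path", [""])[0]  # parse_qs decodes one layer
    decoded = fully_decode(raw).replace("\\", "/")
    # Normalising collapses "./" and "zpx/../", exposing the real target.
    resolved = posixpath.normpath(posixpath.join(BASE, decoded))
    escapes = not (resolved == BASE or resolved.startswith(BASE + "/"))
    return {"client": line.split()[0], "decoded": decoded,
            "resolved": resolved, "escapes": escapes}

def find_traversal(lines):
    """Keep only requests whose path parameter resolves outside BASE."""
    results = (inspect_line(line) for line in lines)
    return [r for r in results if r and r["escapes"]]
```

Calling find_traversal(SAMPLE_LOG) returns the first and third constructed lines, with the resolved targets shown after normalisation.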
For more information, you can refer to the CXSecurity website.