PACSOne Server 6.6.2 - Local File Inclusion

What is "PACSOne Server 6.6.2 - Local File Inclusion?"

The "PACSOne Server 6.6.2 - Local File Inclusion" module is designed to detect a vulnerability in the PACSOne Server 6.6.2 software. This vulnerability allows for local file inclusion through its integrated DICOM Web Viewer. The severity of this vulnerability is classified as high, with a CVSS score of 7.5. The module was authored by 0x_Akoko.

Impact

If exploited, this vulnerability could allow an attacker to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.

How the module works?

The module sends an HTTP GET request to the "/pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd" path. This request attempts to traverse the file system and access the "/etc/passwd" file. The module then applies two matching conditions:

- The first condition uses a regular expression to check if the response contains the string "root:[x*]:0:0". - The second condition checks if the response status code is 200.

If both conditions are met, the module reports a vulnerability.

For more information, you can refer to the CXSecurity website.