Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PACSOne Server 6.6.2 - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is "PACSOne Server 6.6.2 - Local File Inclusion?"

The "PACSOne Server 6.6.2 - Local File Inclusion" module is designed to detect a vulnerability in the PACSOne Server 6.6.2 software. This vulnerability allows for local file inclusion through its integrated DICOM Web Viewer. The severity of this vulnerability is classified as high, with a CVSS score of 7.5. The module was authored by 0x_Akoko.


If exploited, this vulnerability could allow an attacker to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.

How the module works?

The module sends an HTTP GET request to the "/pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd" path. This request attempts to traverse the file system and access the "/etc/passwd" file. The module then applies two matching conditions:

    - The first condition uses a regular expression to check if the response contains the string "root:[x*]:0:0". - The second condition checks if the response status code is 200.

If both conditions are met, the module reports a vulnerability.

For more information, you can refer to the CXSecurity website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: root:[x*]:0:0and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability