Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion

What is the "Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion?"

The "Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion" module is designed to detect a vulnerability in the Softneta MedDream PACS Server Premium software version 6.7.1.1. This vulnerability is classified as CWE-22 and has a severity rating of high (CVSS-Score: 7.5). The module was authored by 0x_akoko.

Impact

A local file inclusion vulnerability allows an attacker to include arbitrary files from the target system. In the case of Softneta MedDream PACS Server Premium 6.7.1.1, this vulnerability could potentially lead to unauthorized access to sensitive files or information stored on the server.

How the module works?

The module sends an HTTP GET request to the "/pacs/nocache.php" endpoint with a specific query parameter that triggers the local file inclusion vulnerability. The request path includes a sequence of directory traversal characters ("%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini") to access the "win.ini" file on the Windows operating system.

The module then checks the response body for specific words, such as "bit app support," "fonts," and "extensions," to confirm the presence of the vulnerable file inclusion. If the words are found, the module reports the vulnerability.

It is important to note that this module is designed for detection purposes only and does not perform any exploitation or modification of the target system.

Reference:

- https://www.exploit-db.com/exploits/45347

- https://www.softne