Exploit-DB 27ecd9e84b DB: 2024-04-16

5 changes to exploits/shellcodes/ghdb

Jenkins 2.441 - Local File Inclusion
OpenClinic GA 5.247.01 - Information Disclosure
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

djangorestframework-simplejwt 5.3.1 - Information Disclosure

2024-04-16 00:16:46 +00:00

1.6 KiB

Raw Blame History

Exploit Title: OpenClinic GA 5.247.01 - Information Disclosure

Date: 2023-08-14

Exploit Author: VB

Vendor Homepage: https://sourceforge.net/projects/open-clinic/

Software Link: https://sourceforge.net/projects/open-clinic/

Version: OpenClinic GA 5.247.01

Tested on: Windows 10, Windows 11

CVE: CVE-2023-40278

Details

An Information Disclosure vulnerability was discovered in the printAppointmentPdf.jsp component of OpenClinic GA 5.247.01. The issue arises due to improper handling of error messages in response to manipulated input, allowing an attacker to deduce the existence of specific appointments.

Proof of Concept (POC)

Steps to Reproduce:

Access the Vulnerable Component:
Navigate to the URL: http://[IP]:10088/openclinic/planning/printAppointmentPdf.jsp?AppointmentUid=1.1.
Manipulating the AppointmentUid Parameter:
Change the AppointmentUid parameter value to test different IDs.
For example, try different numerical values or formats.
Observing the Responses:
Note the system's response when accessing with different AppointmentUid values.
A "document is not open" error indicates the existence of an appointment with the specified ID.
A different error message or response indicates non-existence.
Confirming the Vulnerability:
The differing error messages based on the existence of an appointment confirm the Information Disclosure vulnerability.
This allows an unauthorized user to deduce whether specific appointments exist without direct access to appointment data. As a result, an attacker could deduce the number of appointments performed by private clinics, surgeries and private doctors.

1.6 KiB Raw Blame History