DICOM® Connectivity Framework (DCF) Operations Window Remote Command Execute - Shule's Blog

DICOM® Connectivity Framework (DCF) Operations Window Remote Command Execute

2024-2-02 16:42

|

1,395

|

|

0

|

2024-2-29 20:46

92 字

|

1 分钟内

PoC：

The default configuration after DCF installation is to access it without authorization，similar to the figure below.

mstsc_m4vJSavcxo

Allowing a user to have full control over the filename at the point of viewing the log file can cause arbitrary file reads and directory traversal vulnerabilities.

BurpSuiteCommunity_ITLEBTfzsT

The following picture shows the effect of reading from any file. payload: /cgi-bin/format_logfile.pl?/etc/passwd

mstsc_lwJUEgsy2A

Directory traversal. payload: ?/ . All files in the root directory will be displayed.

And when we splice the pipe character | after the filename, then the file will be executed, giving the effect of remote command execution.

版权声明：除特殊说明，博客文章均为 Shule 原创，依据 CC BY-SA 4.0 许可证进行授权，转载请附上出处链接及本声明。

暂无评论

发送评论编辑评论

Markdown

悄悄话

邮件提醒

|´・ω・)ノ

ヾ(≧∇≦*)ゝ

(☆ω☆)

（╯‵□′）╯︵┴─┴

￣﹃￣

(/ω＼)

∠( ᐛ 」∠)＿

(๑•̀ㅁ•́ฅ)

→_→

୧(๑•̀⌄•́๑)૭

٩(ˊᗜˋ*)و

(ノ°ο°)ノ

(´இ皿இ｀)

⌇●﹏●⌇

(ฅ´ω`ฅ)

(╯°A°)╯︵○○○

φ(￣∇￣o)

ヾ(´･･｀｡)ノ"

( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃

(ó﹏ò｡)

Σ(っ °Д °;)っ

( ,,´･ω･)ﾉ"(´っω･｀｡)

╮(╯▽╰)╭

o(*////▽////*)q

＞﹏＜

( ๑´•ω•) "(ㆆᴗㆆ)

颜文字

Emoji

小恐龙

花!