Dicoogle PACS Local File Inclusion Scanner

Dicoogle PACS is a software system used in healthcare facilities for managing digital medical imaging files. It provides a platform for storing and accessing PACS (Picture Archiving and Communication System) data, commonly used by hospitals and clinics to manage radiology and other types of medical imaging records. The software is often used by medical professionals and administrators to ensure that accurate imaging records can be accessed efficiently. Dicoogle PACS aims to improve workflows and collaboration within healthcare environments and supports a variety of data standards and interoperability formats. It is favored for its ability to scale and fit into diverse IT environments, from small clinics to large hospital systems. The platform is open-source, which encourages developers to enhance and customize its features according to specific healthcare requirements.

Local File Inclusion (LFI) vulnerabilities allow attackers to include files from the server itself in web applications. This type of vulnerability can potentially expose sensitive information such as server configurations, user data, and application codes. Attackers exploit LFI by manipulating input parameters to execute arbitrary file paths via the web application. This often leads to unauthorized information disclosure and may assist in further exploiting a system by providing an internal view of the server's structure. Due to its nature, LFI is a high-severity vulnerability and can compromise a server if not properly mitigated. Incorporating files through LFI can inadvertently give attackers the ability to read local files and session details.

The Dicoogle PACS 2.5.0 version has a vulnerability at the `/exportFile` endpoint. This vulnerability occurs when the vulnerable parameter allows path traversal sequences, enabling unauthorized file access. Attackers may exploit this by supplying crafted requests containing `..` sequences in the `UID` parameter, allowing arbitrary file inclusion from the system. Such technical details in the application endpoints and parameters make it susceptible to attack if exposed to the internet without protections. Successful exploitation could enable an attacker to read sensitive configurations or user information without needing admin credentials.

When a system is exploited via a Local File Inclusion vulnerability, unauthorized users may gain access to sensitive information. This can lead to serious security implications, such as disclosure of confidential data, unauthorized view of system files, and potentially, a step towards further exploitation. For entities like healthcare organizations using PACS systems, this could mean exposure of private patient information, potentially leading to legal and compliance violations. Furthermore, gaining insights into system configurations through included files may allow attackers to find other vulnerabilities or weaknesses to exploit.

REFERENCES

• https://www.exploit-db.com/exploits/45007
• https://cxsecurity.com/issue/WLB-2018070131
• http://www.dicoogle.com/home