CVE-2017-9830-Exploit
Exploit Title: OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
CVE description:
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
ExploitDB:
Exploit Description:
The OpenEMR application allows users from all roles to upload files. However, the application does not whitelist only certain types of files (e.g. PDF, JPG, PNG, DOCX, etc.). On the contrary, any type of file can be uploaded to the filesystem via the application. While OpenEMR recommends during installation restricting access to the repository hosting uploaded files, such recommendations are too often ignored by users, which can result in full compromise of the web server and its data.
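The missing whitelist described above, sketched as a server-side upload check. This is an added example, not code from OpenEMR or from this exploit; the function name `check_upload`, the executable-extension list and the sample uploads are assumptions made for illustration.

```python
import os

# Whitelist built from the file types the description names; the byte
# signatures are the standard ones for each format (DOCX is a ZIP container).
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".docx": (b"PK\x03\x04",),
}
# Extensions a web server may hand to an interpreter; rejected anywhere in the name.
EXECUTABLE = {".php", ".phtml", ".phar", ".php5", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}


def check_upload(filename, content):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    # Drop any client-supplied directory part, Windows or POSIX style.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    if not name or name.startswith(".") or "\x00" in name:
        return False, "invalid file name"
    exts = ["." + part for part in name.split(".")[1:]]
    if not exts:
        return False, "no extension"
    # Inspect every segment, so "x.php.jpg" and "x.php." are refused too.
    if any(ext in EXECUTABLE for ext in exts):
        return False, "executable extension in name"
    signatures = ALLOWED.get(exts[-1])
    if signatures is None:
        return False, "extension not on allowlist"
    if not any(content.startswith(sig) for sig in signatures):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample uploads (hypothetical, not taken from the exploit).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("scan.PNG", b"\x89PNG\r\n\x1a\n\x00\x00"),
    ("notes.php", b"<?php echo 1; ?>"),
    ("photo.php.jpg", b"\xff\xd8\xff\xe0"),
    ("photo.jpg", b"<?php echo 1; ?>"),
    ("archive.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for fname, data in SAMPLES:
        print(fname, check_upload(fname, data))
```

A signature check does not stop files that are valid in two formats at once, so access to the directory holding uploads should still be restricted, as the OpenEMR installation recommendation says.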
- Vendor Homepage: https://www.open-emr.org/
- Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.0/openemr-5.0.0.zip/download
- Version: 5.0.0
- Tested on Windows 10
Usage:
python3 exploit.py -T Target_IP -P Target_Port -U OpenEMR_path -u username -p password

