
Horos 2.1.0 Web Portal Remote Information Disclosure Exploit

Risk: High
Advisory ID: ZSL-2016-5387
Release Date: 16 December 2016
Vendor:
Affected Version: 2.1.0
CVE: N/A
Tested On: macOS 10.12.2 (Sierra), macOS 10.12.1 (Sierra)
Summary

Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries.

Description

Horos suffers from a file disclosure vulnerability in its web portal: input passed through the URL path is not properly validated before being used to read files from disk. A remote attacker can exploit this with directory traversal sequences to read arbitrary files from the local filesystem of the host running the portal.
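The bug class described above, shown as an added Python illustration rather than Horos's actual (Objective-C) web portal code: a request handler that maps the URL path onto a document root, once with the unchecked join that produces exactly this kind of disclosure and once with a canonicalise-then-contain check that closes it. The directory layout, file names, request strings and function names are constructed for the demonstration and are not taken from the advisory.

```python
import os
import tempfile
import urllib.parse

# Build a throwaway directory tree (constructed sample data, not Horos files):
#   <base>/htdocs/images/study.txt   - the only file the portal should serve
#   <base>/secret.txt                - one level above the document root
def make_tree():
    base = tempfile.mkdtemp()
    root = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(root, "images"))
    with open(os.path.join(root, "images", "study.txt"), "w") as f:
        f.write("public study listing\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("NOT for the web\n")
    return root

def serve_unsafe(root, url_path):
    """Hypothetical vulnerable handler: percent-decodes the URL path and joins
    it onto the document root without checking where the result ends up, so
    '..' segments walk out of the root.  (Without the lstrip an absolute path
    would make os.path.join discard root entirely, an even worse variant.)"""
    rel = urllib.parse.unquote(url_path).lstrip("/")
    with open(os.path.join(root, rel), "rb") as f:
        return f.read()

def serve_safe(root, url_path):
    """Hardened form: canonicalise the final path (realpath resolves '..' and
    symlinks) and refuse anything that does not stay inside the document root.
    commonpath is used instead of a startswith() prefix test so that a sibling
    directory such as 'htdocs2' cannot slip past the check."""
    rel = urllib.parse.unquote(url_path).lstrip("/")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"path escapes document root: {url_path!r}")
    with open(target, "rb") as f:
        return f.read()

def probe(handler, root, url_path):
    """Classify one request as 'served', 'denied' or 'missing' for the demo."""
    try:
        handler(root, url_path)
        return "served"
    except PermissionError:
        return "denied"
    except (FileNotFoundError, NotADirectoryError):
        return "missing"

# Constructed request paths exercising the traversal variants a tester tries.
REQUESTS = [
    "/images/study.txt",             # legitimate request
    "/../secret.txt",                # plain traversal
    "/%2e%2e/secret.txt",            # percent-encoded '..'
    "/images/../../secret.txt",      # traversal hidden behind a valid directory
]

def run_demo(root=None):
    """Map each request to (unsafe handler result, safe handler result)."""
    root = root or make_tree()
    return {req: (probe(serve_unsafe, root, req), probe(serve_safe, root, req))
            for req in REQUESTS}

if __name__ == "__main__":
    for req, (unsafe, safe) in run_demo().items():
        print(f"{req:30} unsafe={unsafe:8} safe={safe}")
```

The unsafe handler serves every request in the table, including the three that resolve to secret.txt outside the document root; the hardened handler serves only the legitimate one. Decoding happens before the containment check on purpose: checking the raw URL for the literal string ".." would miss the %2e%2e form, whereas checking the resolved filesystem path catches every encoding the decoder accepts.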

Proof of Concept
Disclosure Timeline
15.12.2016 Vendor informed.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.12.2016 Initial release
20.12.2016 Added references [1], [2] and [3]
24.12.2016 Added reference [4]