INFINITT PACs – Multiple Vulnerablities

# Title: INFINITT PACs Health Care System - Multiple Vulnerabilities
# Vendor: http://www.infinitt.com/cms/index
# Product: INFINITT PACs Health Care System 
# Credit: Jerold Hoong
-------------------------------------
# CROSS-SITE SCRIPTING
Cross-site scripting (XSS) vulnerability in jerry.asp in INFINITT PACs Health Care System allows remote unauthenticated users to inject arbitrary javascript via the pname parameter.
-------------------------------------
# SQL INJECTION
SQL injection vulnerability in jerry.asp in INFINITT PACs Health Care System allows remote authenticated users to inject arbitrary malicious database commands as part of user input via the uid parameter.
-------------------------------------
# PASSWORDS ENCODED IN PACS DATABASE
The Infinitt PACS system does not implement an encryption scheme when storing user account passwords in the database. Based on our observations, the application does a “substitution” operation for each of the password characters and stores the password directly into the database.
-------------------------------------
# INSECURE PROTOCOL USED
The Infinitt PACS system communicates with the DICOM component using the HTTP protocol. The system uses HTTP basic authentication when retrieving DICOM images from the server, which includes user  credentials encoded in Base64 as part of the HTTP request. This can be easily decoded to obtain the authentication credentials in plaintext.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s