The exploit demonstrates a vertical privilege escalation vulnerability in SonicDICOM PACS 2.3.2 by sending an HTTP PATCH request with the 'Authority' parameter set to '1', granting admin rights to a normal user. The provided HTTP request template is functional and includes all necessary headers and parameters.
Classification
Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SonicDICOM PACS 2.3.2 and 2.3.1
Auth required
Prerequisites: Valid user session (cookie) · Network access to the target application