# harpia.com.br DiagSystem 12 Insecure Direct Object Reference (IDOR)

## Description

DiagSystem is a RIS (Radiology Information System) software developed by Harpia (www.harpia.com.br) for the management and automation of imaging diagnostic clinics. It covers everything from scheduling exams to storing and distributing medical reports, facilitating the workflow in healthcare institutions.

More information about the system can be found on the official DiagSystem website: www.diagsystem.com.br.
## FOFA Search

Searching FOFA with the query `title="DiagSystem" || body="DiagSystem"`, I found at least 60 results using this system.

## Link to View the PoC

https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing
# Proof of Concept (PoC) - IDOR in DiagSystem
## Step by Step for Exploitation
1. **Access to the System:**
   - Access the DiagSystem system through the link provided by the clinic.
   - Use the credentials received to log in.
2. **Identification of the Vulnerable Point:**
   - After logging in, access your own exam.
   - Note the exam URL, which contains a `cod` and a `codexame` parameter.
   - Example URL:
     ```
     http://x.x.x.x:8081/diagsystem/PACS/atualatendimento_jpeg.php?cod=10677441&tp=JPEG&codexame=10677448
     ```
3. **Parameter Manipulation:**
   - Change the value of the `cod` parameter to a different number.
   - Modify the value of the `codexame` parameter to a number close to the original.
   - Access the new modified URL in the browser.
4. **Exploitation Verification:**
   - If the page loads and displays exams from other patients, the IDOR vulnerability is confirmed.
   - If access is denied or an error is returned, there may be a protection mechanism.
5. **Impact of the Vulnerability:**
   - Any authenticated user can access third-party exams simply by modifying parameters in the URL.
   - Serious privacy flaw and exposure of sensitive patient data.
6. **Mitigation Recommendations:**
   - Implement authentication and authorization checks on endpoints.
   - Avoid the use of predictable sequential identifiers.
   - Adopt secure tokens to control access to exams.
   - Perform security audits to identify other similar flaws.
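The following is an added example of how the first three mitigation items fit together in a PHP endpoint of the kind described above. It is not Harpia's or DiagSystem's code: the table and column names (`exames`, `paciente_id`, `token`, `arquivo_jpeg`), the session layout (`user_id`, `roles`), the `radiologista` role, the `exame` query parameter and the database DSN are all assumptions chosen for illustration. The original flaw is that the record is looked up by the sequential `cod`/`codexame` value and served without checking who it belongs to; the example instead looks the exam up by an unpredictable token, checks ownership server-side, and logs every denied request so that enumeration attempts show up in audit logs.

```php
<?php
// Added example, not DiagSystem's code. Assumed schema:
//   exames(id, paciente_id, token, arquivo_jpeg)
// Assumed session: $_SESSION['user_id'] (int), $_SESSION['roles'] (string[]).
declare(strict_types=1);

session_start();

/**
 * Returns the exam row only if the logged-in user may view it:
 * the patient it belongs to, or a user holding the (assumed) staff role.
 * Returns null otherwise, so the caller cannot tell "does not exist"
 * apart from "exists but is not yours".
 */
function loadAuthorizedExam(PDO $db, string $examToken, array $session): ?array
{
    if (empty($session['user_id'])) {
        return null; // not authenticated
    }

    // Prepared statement: the token is user input and is never interpolated.
    $stmt = $db->prepare(
        'SELECT id, paciente_id, arquivo_jpeg FROM exames WHERE token = :token LIMIT 1'
    );
    $stmt->execute([':token' => $examToken]);
    $exam = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($exam === false) {
        return null;
    }

    // The authorization decision happens here, on the server, against the
    // session, not against anything the client put in the URL.
    $isOwner = (int) $exam['paciente_id'] === (int) $session['user_id'];
    $isStaff = in_array('radiologista', $session['roles'] ?? [], true);

    return ($isOwner || $isStaff) ? $exam : null;
}

/**
 * Opaque identifier to store in exames.token and use in URLs, replacing the
 * sequential primary key that made neighbouring records guessable.
 */
function newExamToken(): string
{
    return bin2hex(random_bytes(16)); // 128 bits of entropy, 32 hex chars
}

// ---- endpoint glue (assumed parameter name: exame) -----------------------
$token = $_GET['exame'] ?? '';
if (!preg_match('/^[a-f0-9]{32}$/', $token)) {
    http_response_code(400);
    exit;
}

// Assumed DSN and credentials; the password comes from the environment.
$db = new PDO('mysql:host=localhost;dbname=diagsystem', 'app', (string) getenv('DB_PASS'));
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$exam = loadAuthorizedExam($db, $token, $_SESSION);
if ($exam === null) {
    // Denied lookups are logged so that a burst of them from one account or
    // address (an enumeration attempt) is visible to monitoring.
    error_log(sprintf(
        'exam access denied user=%s token=%s ip=%s',
        $_SESSION['user_id'] ?? '-',
        $token,
        $_SERVER['REMOTE_ADDR'] ?? '-'
    ));
    http_response_code(404);
    exit;
}

header('Content-Type: image/jpeg');
readfile($exam['arquivo_jpeg']);
```

Two design points worth noting: the denied case returns 404 rather than 403, so a requester cannot use the status code to confirm that a guessed identifier exists, and the token check (`preg_match`) rejects anything that is not a 32-character hex string before the database is touched. Switching existing records to random tokens requires a one-time migration that populates `exames.token` with `newExamToken()` for every row.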
## Submission Details

| Field | Value |
|---|---|
| Source | ⚠️ http://x.x.x.x:8081/diagsystem/PACS/atualatendimento_jpeg.php?cod=10677441&tp=JPEG&codexame=10677448 |
| User | Samuel Jesus (UID 81288) |
| Submission | 02/08/2025 08:05 PM (3 months ago) |
| Moderation | 02/22/2025 11:30 AM (14 days later) |
| Status | Accepted |
| VulDB Entry | 296550 [Harpia DiagSystem 12 atualatendimento_jpeg.php cod/codexame resource injection] |
| Points | 20 |