This POC targets Orthanc DICOM server (Windows) < 1.12 using a malicious DICOM polyglot file and allows users with access to the Orthanc API to overwrite arbitrary files on the file system
Modification of Shielder's public proof of concept for CVE-2023-33466 (https://github.com/ShielderSec/poc/tree/main/CVE-2023-33466) to work against Windows Orthanc systems. Also added was proxy functionality to the check.py script. The repo will be kept updated with my latest findings and scripts on the CVE.
Vendor:
- Orthanc: https://www.orthanc-server.com/
- CVE-2023-33466: https://nvd.nist.gov/vuln/detail/CVE-2023-33466