Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36669: POC-DUMP/README.md at main · saitamang/POC-DUMP

Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE
Open in Source
#sql#vulnerability#apache#php#auth

Permalink

Cannot retrieve contributors at this time

CVE-2022-36669

# Exploit Title: Hospital Information System - SQL Injection via login page
# Date: 25/07/2022
# Exploit Author: saitamang
# Vendor Homepage: https://code-projects.org
# Software Link: https://download-media.code-projects.org/2019/11/HOSPITAL_INFORMATION_SYSTEM_IN_PHP_WITH_SOURCE_CODE.zip
# Version: 1.0
# Tested on: Centos 7 apache2 + MySQL

Other refrence --> https://packetstormsecurity.com/files/167803/Hospital-Information-System-1.0-SQL-Injection.html

From the login page, at the email form, the attacker may fill anything inside. On the password form, the attacker may used below payload and click login to successfully login as Admin functionality.

Payload --> 'or 1=1#

Login bypass using normal SQLI payload

Login bypass with Sleep validation

Checking length of column

##You may download script automation to get the database name for your reference to learn!

Download here

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE