Hospital Management System Project In ASP.Net MVC 1 SQL Injection
Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL Injection / Authentication Bypass
# Date: 07/16/2024
# Exploit Author: 0xMykull
# Vendor Homepage: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Software Link: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Version: 1
# CVE: CVE-2024-40502

Description:
An SQL injection vulnerability has been discovered in the btn_login_b_Click function of the affected web application. The vulnerability exists due to the improper sanitization of user-supplied input in the login form. Specifically, the txt_login_username.Text and txt_login_pass.Text fields are concatenated directly into an SQL query string without proper parameterization or escaping.

Endpoint: https://localhost:44306/Users/Loginpage.aspx

Bypass Payloads:

(default user)
Username: kihsan'--
password: <anything>

Username: <anyvaliduser>'--
password: <anything>
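
The concatenation described above, next to its parameterized replacement, as an added example that is not the project's source code. The class name LoginQueries, the Users table, the Username and Password columns and the parameter sizes are assumptions made for illustration.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class LoginQueries
{
    // Pattern the advisory describes: both text-box values are spliced into
    // the SQL text, so a quote in the username closes the string literal and
    // "--" comments out the password comparison that follows.
    // Table and column names are assumed, not taken from the project.
    public static SqlCommand BuildVulnerable(SqlConnection conn, string username, string password)
    {
        string sql = "SELECT COUNT(*) FROM Users WHERE Username = '" + username +
                     "' AND Password = '" + password + "'";
        return new SqlCommand(sql, conn);
    }

    // Hardened form: the SQL text is a constant and the values travel as
    // typed parameters, so the server never parses them as SQL.
    public static SqlCommand BuildParameterized(SqlConnection conn, string username, string password)
    {
        const string sql =
            "SELECT COUNT(*) FROM Users WHERE Username = @username AND Password = @password";
        var cmd = new SqlCommand(sql, conn);
        // Explicit type and length (assumed sizes) instead of inferred ones.
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
        return cmd;
    }

    // What a login click handler would call with the two text-box values.
    // With parameters, a username ending in '-- is compared as a literal
    // string and matches no row.
    public static bool IsValidLogin(string connectionString, string username, string password)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(conn, username, password))
        {
            conn.Open();
            // COUNT(*) comes back from SQL Server as a boxed Int32.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

The comparison against a Password column mirrors the query shape the advisory implies; how the application stores credentials is not stated on this page.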