VULNERABLE: SQL Injection Authentication Bypass exists in Hospital-Management-System. An attacker can inject a query into "/Hospital-Management-System-master/func.php" via the 'email' parameter.
Description: The vulnerability is present in "/Hospital-Management-System-master/func.php" and can be exploited through a POST request via the 'email' parameter.
Impact: Allows an attacker to inject queries and to access and disclose all data on the system.
Suggestions: User input should be filtered and escaped, and parameterized queries should be used.
Payload: email =' or 1 limit 0,1#
Affected file:
Proof of concept (POC):
Inject payload:
Authentication bypass succeeds and redirects to the admin panel.
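
The parameterized-query suggestion above, as an added example that is not part of the original report or the project's code: the reported payload is passed as a bound parameter and therefore stays a literal e-mail value, next to the text of a concatenated query where it rewrites the statement. Assumptions: the `admins` table, its columns, the sample account, the shape of the concatenated query and the helper names are constructed here, and PDO with in-memory SQLite stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed schema and account (assumption): the report does not show func.php's tables.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admins (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO admins (email, pw_hash) VALUES (?, ?)');
    $ins->execute(['admin@example.test', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Unsafe pattern (assumed shape), returned as text only and never executed:
// the input is spliced into the SQL, so a quote in it ends the string literal.
function unsafe_query_text(string $email, string $password): string {
    return "SELECT * FROM admins WHERE email='$email' AND password='$password'";
}

// Bound parameter: the driver sends the value separately from the SQL text,
// so quotes, 'or', 'limit' and '#' in the input cannot change the statement.
function lookup_hash(PDO $db, string $email): ?string {
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) ? $hash : null;
}

// Hardened login: input filtering first, then the parameterized lookup,
// then the password check in PHP against a stored hash instead of inside the SQL.
function login(PDO $db, string $email, string $password): bool {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $hash = lookup_hash($db, $email);
    return $hash !== null && password_verify($password, $hash);
}

$db = make_db();
$payload = "' or 1 limit 0,1#"; // the payload quoted in the report
echo unsafe_query_text($payload, 'x'), PHP_EOL; // shows the password clause ending up behind '#'
var_dump(lookup_hash($db, $payload));           // payload compared as a literal e-mail value
var_dump(login($db, $payload, 'x'));            // rejected by validation before any query runs
var_dump(login($db, 'admin@example.test', 'constructed-sample-pw')); // legitimate login path
```

The same `prepare`/`execute` pattern applies unchanged when the PDO connection string points at MySQL.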