VULNERABLE: SQL Injection in Hospital-Management-System. SQL injection in Hospital-Management-System/patientsearch.php via the 'patient_contact' param

I found an SQL Injection in your project
Pls Follow these steps to reproduce:
1. Create a request to 'patientsearch.php':
![Screenshot 2022-02-11 105352](https://user-images.githubusercontent.com/83261845/153535206-bfe08920-0a28-40f7-9392-ca75a84c679b.png)
2. Save this request to 1.txt file:
![image](https://user-images.githubusercontent.com/83261845/153535346-3986ee03-e803-4df4-9d31-13db5ef0daba.png)
3. Run SQLMap for the attack:
`sqlmap -r 1.txt --dbs`
![image](https://user-images.githubusercontent.com/83261845/153535507-4ee57e8f-782f-476e-97d0-48f25ab2a3fe.png)
4. Area of concern in patientsearch.php 
![image](https://user-images.githubusercontent.com/83261845/153535573-6732b824-583a-4163-ab9a-eed2a2d1db04.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VULNERABLE: SQL Injection in Hospital-Management-System. SQL injection in Hospital-Management-System/patientsearch.php via the 'patient_contact' param #19

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development