Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
PoC
 
 
 
 
 
 

CTMS

Vendor

Description:

The parameters username and contactno from COVID 19 Testing Management System (CTMS) 1.0 are vulnerable to Remote Code SQL injection attacks. Test REQUESTS: Payloads 27325265' or 8079=8079-- and 35638130' or 9157=9162--. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. The attacker can execute a Remote Code Injection to override the current password for the admin account directly from the broadcast networks! Status Critical and awful. BR nu11secur1ty

NOTE:

Second-order SQL - Injection method.

Reproduce:

href

Proof:

href