Description:

The username and contactno parameters of COVID 19 Testing Management System (CTMS) 1.0 are vulnerable to Remote Code SQL injection attacks. Test requests used the payloads 27325265' or 8079=8079-- and 35638130' or 9157=9162--. The two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. An attacker can execute a Remote Code Injection to override the current password for the admin account directly from the broadcast networks! Status: Critical and awful.

BR nu11secur1ty
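Why the two payloads give different responses, and why a bound parameter removes the difference, as an added example that is not CTMS code or the author's test: the table, its rows and the two lookup functions are hypothetical, and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

# Payloads quoted in the advisory: one always-true condition, one always-false.
TRUE_PAYLOAD = "27325265' or 8079=8079--"
FALSE_PAYLOAD = "35638130' or 9157=9162--"


def make_db():
    """Constructed sample data; the schema is hypothetical, not taken from CTMS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, contactno TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "5550001"), ("alice", "5550002")],
    )
    return db


def lookup_concatenated(db, username):
    """Unsafe pattern: input is pasted into the SQL text, so a quote ends the literal."""
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchone()[0]


def lookup_parameterized(db, username):
    """Bound parameter: the whole input is compared as data, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone()[0]


def responses_differ(lookup):
    """The advisory's check: do the true and false payloads give different results?"""
    db = make_db()
    return lookup(db, TRUE_PAYLOAD) != lookup(db, FALSE_PAYLOAD)


if __name__ == "__main__":
    print("concatenated query differs:", responses_differ(lookup_concatenated))
    print("parameterized query differs:", responses_differ(lookup_parameterized))
```

With concatenation the always-true payload matches every row and the always-false payload matches none; with a bound parameter both are treated as an unknown username and match nothing.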

NOTE:

Second-order SQL injection method.

Reproduce:

href

Proof:

href