Online Appointment SQL Injection

2019.09.07
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Online Appointment SQL Injection
# Date: 07.09.2019
# Exploit Author: mohammad zaheri
# Vendor Homepage: https://github.com/girish03/Online-Appointment-Booking-System
# Tested on: Windows
# Google Dork: N/A

=========
Vulnerable Page:
=========

Online-Appointment-Booking-System-master/signup.php

==========
Vulnerable Source:
==========

Line 52: $name=$_POST['fname'];
Line 53: $gender=$_POST['gender'];
Line 54: $dob=$_POST['dob'];
Line 55: $contact=$_POST['contact'];
Line 56: $email=$_POST['email'];
Line 57: $username=$_POST['username'];
Line 58: $password=$_POST['pwd'];
Line 59: $prepeat=$_POST['pwdr'];
Line 62: if (mysqli_query($conn, $sql))

=========
POC:
=========

http://site.com/Online-Appointment-Booking-System-master/signup.php?sql=[SQL]

=========
Contact Me :
=========

Telegram : @m_zhrii
Email : neoboy503@gmail.com
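
An added example, not part of the original advisory or the project's code: one way to handle the same POST fields with input validation and a mysqli prepared statement, so the values reach the database as bound parameters rather than as SQL text. It assumes the original builds $sql by placing these variables directly in the query string (the advisory does not show that line); the table name `patient`, its column names and the Y-m-d date format are hypothetical.

```php
<?php
// Added example: hardened handling of the signup.php POST fields.
// Table `patient`, its columns and the Y-m-d date format are hypothetical.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Validate the POST fields named in the advisory; returns them or throws. */
function validate_signup(array $post): array
{
    $fields = ['fname', 'gender', 'dob', 'contact', 'email', 'username', 'pwd', 'pwdr'];
    $in = [];
    foreach ($fields as $f) {
        // Reject missing, empty or array-valued parameters (e.g. fname[]=x).
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            throw new InvalidArgumentException("missing field: $f");
        }
        $in[$f] = $post[$f];
    }
    if (!hash_equals($in['pwd'], $in['pwdr'])) {
        throw new InvalidArgumentException('passwords do not match');
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    // Round-trip the date so values such as 2019-02-30 are rejected.
    $d = DateTime::createFromFormat('Y-m-d', $in['dob']);
    if ($d === false || $d->format('Y-m-d') !== $in['dob']) {
        throw new InvalidArgumentException('invalid date of birth');
    }
    return $in;
}

/** Insert with a prepared statement: values are bound, never concatenated. */
function register_user(mysqli $conn, array $post): void
{
    $in = validate_signup($post);
    $hash = password_hash($in['pwd'], PASSWORD_DEFAULT); // store a hash only
    $stmt = $conn->prepare(
        'INSERT INTO patient (name, gender, dob, contact, email, username, password)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssssss', $in['fname'], $in['gender'], $in['dob'],
        $in['contact'], $in['email'], $in['username'], $hash);
    $stmt->execute();
    $stmt->close();
}
```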



Copyright 2019, cxsecurity.com
