Doctors Appointment Script - SQL Injection

vendor:

Doctors Appointment Script

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Doctors Appointment Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7 x64, Kali Linux x64

2017

Doctors Appointment Script – SQL Injection

SQL Injection vulnerability exists in Doctors Appointment Script. An attacker can inject malicious SQL queries via the 'lat', 'lon', and 'category' parameters in the 'search' script. This can be used to extract sensitive information from the database such as user credentials. Additionally, a file upload vulnerability exists in the 'doctor_image' directory, allowing an attacker to upload malicious files.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, access to the 'doctor_image' directory should be restricted.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Doctors Appointment Script - SQL Injection
# Google Dork: N/A
# Date: 05.04.2017
# Vendor Homepage: http://appointment-script.com/
# Software: http://appointment-script.com/demo
# Demo: http://appointment-script.com/demo
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/search?lat=[SQL]&lon=[SQL]&category=[SQL]&insurance=[SQL]
# user
#    id
#    first_name
#    last_name
#    username
#    email
#    password
#    user_level_id
# Doctor profile images file upload vulnerability available.
# http://localhost/[PATH]/images/doctor_image/...
# # # # #