Clinic Management System 1.0 - SQL Injection to Remote Code Execution: Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2021-10-22 | Type: webapps | Platform: php
This exploit / vulnerability (Clinic Management System 1.0 SQL injection to remote code execution) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution
# Date: 21/10/2021
# Exploit Author: Pablo Santiago
# Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/Nikhil_B/clinic-full-source-code-with-database_0.zip
# Version: 1.0
# Tested on: Windows 7 and Ubuntu 21.10
# References: https://medium.com/@Pablo0xSantiago/clinic-management-system-1-0-sql-injection-bypass-to-remote-code-execution-804bceac037e
# Vulnerability: Through SQL injection to bypass the login form, it is
# possible to upload a malicious file and afterwards use that malicious file to
# execute code on the remote system.
# Proof of Concept: