Online appointment sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-09-09 | Type : webapps | Platform : php
This exploit / vulnerability Online appointment sql injection is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Online Appointment SQL Injection
# Data: 07.09.2019
# Exploit Author: mohammad zaheri
# Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System
# Tested on: Windows
# Google Dork: N/A


=========
Vulnerable Page:
=========
Online-Appointment-Booking-System-master/signup.php


==========
Vulnerable Source:
==========
Line 52: $name=$_POST['fname'];
Line 53: $gender=$_POST['gender'];
Line 54: $dob=$_POST['dob'];
Line 55: $contact=$_POST['contact'];
Line 56: $email=$_POST['email'];
Line 57: $username=$_POST['username'];
Line 58: $password=$_POST['pwd'];
Line 59: $prepeat=$_POST['pwdr'];
Line 62: if (mysqli_query($conn, $sql))

=========
POC:
=========
http://site.com/Online-Appointment-Booking-System-master/signup.php?sql=[SQL]



=========
Contact Me :
=========
Telegram : @m_zhrii
Email : neoboy503@gmail.com