Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Membership Management System 1.0 SQL Injection

🗓️ 01 Mar 2024 00:00:00Reported by SoSPiroType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 313 Views

Membership Management System 1.0 SQL Injection in Hospital Management System on Windows 1

Code
`- Title: Membership Management System - SQL injection  
- Application: Hospital Management System  
- Date: 01.03.2024  
- Bugs: SQL injection  
- Exploit Author: SoSPiro  
- Vendor Homepage: https://codeastro.com/author/nbadmin/  
- Software Link: https://codeastro.com/membership-management-system-in-php-with-source-code/  
- Version: 1.0  
- Tested on: Windows 10 64 bit Wampserver  
  
### Vulnerability Description:  
  
The provided payload in the POST request indicates a potential SQL injection vulnerability. Specifically, the manipulation within the email and password parameters suggests an attempt to influence the SQL query directly, presenting a risk for exploiting security vulnerabilities.  
  
### SQL Injection:  
  
This manipulated submission aims to affect the SQL query by incorporating user input. For instance, the use of **sleep(5)** introduces a time-delay technique, indicative of a potential resource-consuming attack vector by malevolent actors.  
  
  
  
### Proof of Concept (PoC):  
  
Below is an example payload illustrating the SQL injection vulnerability:  
  
```  
[email protected]' + (SELECT * FROM (SELECT (SLEEP(5)))a) +'&password=admin' or '1'='1'&login=  
```  
  
In this example, the **sleep(5)** function is employed to induce a time delay, followed by the use of or **'1'='1'** in the password control section, aiming to always evaluate as true.  
  
- Request Response  
  
[PoC FoTo](https://gcdnb.pbrd.co/images/9k8xy4YRomp3.png?o=1)  
  
  
### Vulnerable Code Section:  
  
```php  
$email = $_POST['email'];  
$password = $_POST['password'];  
  
$hashed_password = md5($password);  
$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$hashed_password'";  
```  
  
The provided PHP code section exacerbates the SQL injection risk by directly incorporating user input into the SQL query. To mitigate this vulnerability, the use of parameterized queries or prepared statements is recommended.  
  
  
## Reproduce: https://sospiro014.github.io/Membership-Management-System-SQL-injection  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4
vulnerabilitysql injectionhospital management systemexploitsql querysecurityphp codeparameterized queriesprepared statementsresource-consuming attack vector
313