1337DAY-ID-39684

Hospital Management System Project In ASP.Net MVC 1 SQL Injection Vulnerability

2024-07-17 00:00:00
0xMykull
0day.today
sql injection vulnerability
authentication bypass
asp.net mvc

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 8.4
Confidence: Low
EPSS: 0
Percentile: 16.1%

Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

# Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL Injection / Authentication Bypass
# Date: 07/16/2024
# Exploit Author: 0xMykull
# Vendor Homepage: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Software Link: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Version: 1
# CVE: CVE-2024-40502

Description:
An SQL injection vulnerability exists in the btn_login_b_Click handler of
the affected web application. The login form's txt_login_username.Text and
txt_login_pass.Text values are concatenated directly into the SQL query
string with no parameterization or escaping. A username ending in '-- closes
the string literal and turns the rest of the WHERE clause, including the
password comparison, into a comment, so the query matches that user's row
regardless of the password supplied and the attacker is logged in as that
user without credentials.

Endpoint: https://localhost:44306/Users/Loginpage.aspx

Bypass Payloads:

(default user)
Username: kihsan'--
Password: <anything>

Username: <anyvaliduser>'--
Password: <anything>
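The following is an added example, not code from the advisory or from the project it describes. It reproduces the concatenation pattern described for btn_login_b_Click and shows why the kihsan'-- payload logs in without a password, alongside the parameterized query that defeats it. The original application is C#/ASP.NET against SQL Server; SQLite stands in here so the two query shapes can be run offline. The table and column names (tbl_users, username, password, role), the sample rows and the password values are constructed assumptions; only the default username "kihsan" comes from the advisory.

```python
import sqlite3

# Added example; the schema, rows and password values below are constructed
# assumptions, not the real project's data. SQLite stands in for SQL Server.


def make_db() -> sqlite3.Connection:
    """Constructed sample users table standing in for the application's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO tbl_users VALUES (?, ?, ?)",
        [("kihsan", "S3cret!", "admin"), ("nurse1", "pw123", "staff")],
    )
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    # Same construction the advisory describes for btn_login_b_Click:
    # the two form fields are spliced straight into the SQL text, so a quote
    # in the input ends the literal and "--" comments out the password check.
    return (
        "SELECT username, role FROM tbl_users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # Returns the matched (username, role) row, or None when login fails.
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    # Hardened form: the values travel separately from the SQL text, so a
    # quote or comment sequence in the input is data, never syntax.
    return conn.execute(
        "SELECT username, role FROM tbl_users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("kihsan'--", "anything"))
    print("vulnerable:", login_vulnerable(db, "kihsan'--", "anything"))
    print("parameterized:", login_parameterized(db, "kihsan'--", "anything"))
```

In the real C# handler the equivalent fix is the standard ADO.NET pattern: a SqlCommand whose text uses @username and @password placeholders, with the values supplied through cmd.Parameters rather than string concatenation. Passwords should also be stored and compared as salted hashes rather than in the WHERE clause as plaintext, which the parameterized query above does not address on its own.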
