ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
The SQL injection can be exploited by all user accounts, including low-privilege "student" users.
The HTTP GET parameter "start", defined in cases_casenotes_load.php, is not sanitised and can be used to manipulate the SQL query so that it executes arbitrary SQL chosen by the attacker. For example, an attacker can use the following payload to force the server to sleep for 5 seconds:
This can be used with common tools, such as SQLmap, to extract all records in the database. This includes usernames, email addresses, password hashes, etc.
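As an added illustration (not ClinicCases' own code, which the page does not reproduce), the following PHP shows the unsafe pattern described above next to a hardened version; the table name `case_notes`, its columns, the page size and the `$pdo` connection are assumptions.

```php
<?php
// Added illustration, not code from ClinicCases. Assumes a PDO connection $pdo
// and a hypothetical table `case_notes` with an integer column `case_id`.

// Vulnerable pattern: the "start" GET parameter is interpolated straight into
// the query. A non-numeric value such as a time-delay expression changes the
// SQL, which is what makes a blind (time-based) injection possible.
function loadCaseNotesVulnerable(PDO $pdo, int $caseId): array
{
    $start = $_GET['start'];   // untrusted, unsanitised
    $sql = "SELECT * FROM case_notes WHERE case_id = $caseId LIMIT $start, 20";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: reject anything that is not a non-negative integer, then
// bind the value as a typed parameter instead of building the SQL string.
function loadCaseNotesSafe(PDO $pdo, int $caseId): array
{
    $start = filter_var(
        $_GET['start'] ?? 0,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($start === false) {
        http_response_code(400);   // reject rather than "fix up" bad input
        exit('invalid start parameter');
    }

    // Disable emulated prepares so MySQL itself receives the placeholders and
    // the offset can never be interpreted as SQL.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare(
        'SELECT * FROM case_notes WHERE case_id = :case_id LIMIT :start, 20'
    );
    $stmt->bindValue(':case_id', $caseId, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT); // LIMIT needs an int bind
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

For detection, requests to cases_casenotes_load.php whose "start" value is not a plain integer, or whose response time is abnormally long, are the signal to look for in web-server logs.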
Copyright notice: "Blind SQL Injection in ClinicCases 7.3.3" is an original article by admin; please credit the source when reposting!