Pre-Auth SQL Injection in Simple Doctor's Appointment System V1.0 (admin.php)

Based on the webpage screenshots provided by the user, I have extracted the following key information: 1. Vulnerability Overview: Title: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 (admin.php) SQL Injection #3 Affected Product: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 Vulnerability Type: SQL Injection Root Cause: In the file at line 10, the variable is directly concatenated into the SQL query statement without proper filtering or parameterization. Impact: Attackers can construct malicious requests to execute arbitrary SQL queries, thereby reading, modifying, or deleting sensitive information in the database (such as user credentials, patient records, etc.). Authentication Requirement: No login is required to exploit this vulnerability. 2. Affected Scope: Submitter: Vulnerable file Version: 1.0 Software Links: Download links for GitHub and SourceForge are provided. 3. Suggested Repair: Use parameterized queries (Prepared Statements) to prevent SQL injection. Validate and sanitize user input. Implement the Principle of Least Privilege. Regularly update and apply patches. Deploy a Web Application Firewall (WAF). 4. POC/Exploit Code: The page contains three main code/screenshot blocks demonstrating the exploitation process. First code block (Vulnerability details and POC): Shows the source code of , pointing out the vulnerability at line 10. Second code block (Payload): Shows the specific payload construction. Third code block (Testing): Shows the result of exploiting this payload in a browser to obtain database information (such as the function). Now, I will organize this information into a concise English Markdown format. --- Simple Doctor's Appointment System SQL Injection Vulnerability Summary Vulnerability Overview Vulnerability Name: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 (admin.php) SQL Injection #3 Vulnerability Type: SQL Injection Root Cause: In the file at line 10, the code directly concatenates the user-supplied variable into the SQL query statement without any filtering or parameterization. Impact: Attackers can exploit this vulnerability without authentication by constructing malicious requests to execute arbitrary SQL queries, thereby reading, modifying, or deleting sensitive information in the database (such as user credentials, patient records, etc.). Affected Scope Affected Product: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 Affected Version: 1.0 Affected File: Suggested Repair Use Parameterized Queries: Employ Prepared Statements to prevent SQL injection. Input Validation: Strictly validate and sanitize user input. Principle of Least Privilege: Restrict database user permissions. Regular Updates: Keep software updated and apply patches. Deploy WAF: Implement a Web Application Firewall. POC Code and Exploitation Process 1. Vulnerable Code Snippet (admin.php line 10): 2. Exploitation Payload: (Note: The screenshot payload demonstrates SQL injection via the parameter, using to bypass conditional restrictions) 3. Exploitation Result (Obtaining Database Information): ```text http://localhost/doctor/admin.php?id=1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485

Goal Reached Thanks to every supporter — we hit 100%!

Pre-Auth SQL Injection in Simple Doctor's Appointment System V1.0 (admin.php)

More from this source