CVE-2019-14529 PoC — OpenEMR SQL Injection Vulnerability

Associated Vulnerability
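Title: OpenEMR SQL Injection Vulnerability (CVE-2019-14529)
Description: OpenEMR is an open-source medical management system from the OpenEMR community. It can be used for medical practice management, electronic medical records, prescription writing, and medical billing. A SQL injection vulnerability exists in the interface/forms/eye_mag/save.php file in OpenEMR versions before 5.0.2. The vulnerability stems from the database-backed application's lack of validation of externally supplied SQL statements. An attacker can exploit it to execute unauthorized SQL commands.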
Description
OpenEMR Security issue
Readme
# CVE-2019-14529
Multiple SQL injection vulnerabilities in the OpenEMR project

**Vulnerable function in file:** /openemr/interface/forms/eye_mag/save.php

**Conditions:** any authorized user

**Vulnerable versions:** < 5.0.2; fixed in version 5.0.2.

## Description

There are two vulnerable functions:
 1. "store_PDF", with the unfiltered variable "encounter",
 2. "canvas", with two unfiltered variables, "encounter" and "zone".
 
 Both functions use these variables in a `DELETE` SQL query without any filtering. Both variables are controlled by the attacker.
 
 Error messages contain the text of the SQL query and the SQL error message, which makes `error-based` SQL injection possible.
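
The pattern described above next to a hardened counterpart, as an added example (not code from OpenEMR or from this README). The table `drawings`, its columns, the function names and the allowed format for `zone` are hypothetical, and SQLite through PDO stands in for OpenEMR's database layer.

```php
<?php
declare(strict_types=1);

// Constructed stand-in table and rows; the real schema used by save.php is not reproduced here.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE drawings (id INTEGER PRIMARY KEY, encounter INTEGER, zone TEXT)');
    $db->exec("INSERT INTO drawings (encounter, zone) VALUES (7,'RETINA'),(7,'EXT'),(8,'RETINA')");
    return $db;
}

// "Before" pattern: request values concatenated into the DELETE statement, and
// the failing query plus the driver message handed back to the client.
function delete_unsafe(PDO $db, string $encounter, string $zone): string {
    $sql = "DELETE FROM drawings WHERE encounter = $encounter AND zone = '$zone'";
    try {
        return 'deleted ' . $db->exec($sql);
    } catch (PDOException $e) {
        return "SQL error: $sql :: " . $e->getMessage();
    }
}

// Hardened pattern: validate the expected types, bind the values as parameters,
// and keep database error details in the server log only.
function delete_safe(PDO $db, string $encounter, string $zone): string {
    // Assumption: encounter is a numeric id and zone is a short alphabetic name.
    if (!ctype_digit($encounter) || !preg_match('/^[A-Za-z_]{1,32}$/D', $zone)) {
        return 'invalid request';
    }
    try {
        $stmt = $db->prepare('DELETE FROM drawings WHERE encounter = ? AND zone = ?');
        $stmt->execute([(int)$encounter, $zone]);
        return 'deleted ' . $stmt->rowCount();
    } catch (PDOException $e) {
        error_log('drawing delete failed: ' . $e->getMessage());
        return 'request failed';
    }
}

$db = demo_db();
$malformed = "7'"; // constructed non-numeric value for the "encounter" parameter
echo delete_unsafe($db, $malformed, 'RETINA'), PHP_EOL; // response carries query text and DB error
echo delete_safe($db, $malformed, 'RETINA'), PHP_EOL;   // rejected before any SQL is built
echo delete_safe($db, '7', 'RETINA'), PHP_EOL;          // well-formed request, bound parameters
```
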
 
 ## Impact
 
 Disclosure of **VERY** sensitive information, since this software is used in the medical sphere.
 
 ## Other
 
 [OpenEMR official site](https://www.open-emr.org/)
 
 [OpenEMR git repo](https://github.com/openemr)
 
 [Patch for this issue](https://github.com/openemr/openemr/pull/2592)

*P.S. Special thanks to Brady G. Miller from the OpenEMR team for the fast response and patches*
File Snapshot

[4.0K] /data/pocs/7cb6a810038aa737cfaaf649489669589f0a845d
├── [848K] Multiple vulnerability SQL Injection.pdf
└── [1.0K] README.md

0 directories, 2 files