Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CVE-2021-43362 MedData HBYS Boolen-base Blind SQL Injection - ORACLE
# Product: MedData HBYS
# DBMS: ORACLE
# SQLi type: Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
# Version: 1.0
# Description: A remote attacker can retrieve arbitrary sensitive data from SQL server with sending payloads over application to SQL server.
# Impact: Data manipulation/deletion
Sensitive data leak
Hijacking of systems
# Solution: The vendor has fixed the issue.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment