Skip to content

Instantly share code, notes, and snippets.

@Blackh4n
Blackh4n / CVE-2021-43362.txt
Last active November 29, 2021 16:25
CVE-2021-43362 MedData HBYS Boolen-base Blind SQL Injection - ORACLE
# Product: MedData HBYS
# DBMS: ORACLE
# SQLi type: Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
# Version: 1.0
# Description: A remote attacker can retrieve arbitrary sensitive data from SQL server with sending payloads over application to SQL server.
# Impact: Data manipulation/deletion
Sensitive data leak
Hijacking of systems
# Solution: The vendor has fixed the issue.