Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)

Introduction As part of my routine web-application security research, I reviewed the Online Railway Reservation System (ORRS) v1.0 from SourceCodester. My objective was straightforward: understand ...

Jan 8, 2022 Infosec, CVE

Online Veterinary Appointment System v1.0 — Multiple SQL Injection via id in Appointment Details)

Introduction I examined OVAS v1.0 to evaluate how its admin dashboard handled user-controlled identifiers that flow into database queries. Appointment management looked like a likely entry point: i...

Jan 5, 2022 Infosec, CVE

Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated)

Introduction During a focused review of HPRMS v1.0, I set out to evaluate the integrity of its record-view workflow inside the admin area—specifically how user-controlled identifiers are validated ...

Dec 30, 2021 Infosec, CVE

Hospitals Patient Records Management System v1.0 — IDOR (Account Takeover)

Introduction I reviewed HPRMS v1.0 to assess how its admin area handles identity and authorization in routine CRUD flows. Applications with profile-edit features often expose object identifiers dir...

Dec 20, 2021 Infosec, CVE

CVE-2021-44228 (Log4Shell) — Field Notes from a Focused Web-App Review

Introduction In late 2021 I revisited one of our Java web applications to validate exposure to Log4Shell. My goal was pragmatic: verify if any user-controlled input was reaching Log4j without stric...

Dec 13, 2021 Infosec, CVE

1
2
3
4
5
3 / 5