HashenUdara / edoc-doctor-appointment-system

This PHP-based open source project is a web application for booking medical appointments. Patients can use the platform to easily schedule appointments with their doctors, saving time and effort. The project's source code is open for anyone to use, modify, and distribute according to their needs.
MIT License

Can we get in touch? #27

Closed Orchi1904 closed 1 year ago

Orchi1904 commented 1 year ago

Hey HashenUdara,

I am writing a research paper about your website discussing a SQL-Injection vulnerability (CVE: CVE-2022-36543). My friend Pasqualle007 already provided the fix for it. I am interested in contacting you because I have some questions regarding your website. I would be very grateful for the opportunity to get in touch with you.

Best wishes

Alexej Kunz ~ Orchi1904

HashenUdara commented 1 year ago

Hey Alexej,

I am busy with my exams these days. Sorry about that, but I am trying to respond ASAP. Thanks @Pasquale007 for contributing to this project to fix some security issues.

Here, in this project I haven't focused on cyber security issues. In this project:

  1. I haven't used any hashing algorithm like md5 to protect users' passwords.
  2. I haven't bound SQL parameters (SQL injection).
  3. And there are also some XSS vulnerabilities.
  4. CSRF vulnerabilities.

Please check out previous issues that have already been opened by other people. Then you can find more info.

Thank you.
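As an added illustration (not code from the edoc-doctor-appointment-system project), this is how the four points above are usually addressed in PHP: bound SQL parameters, password_hash() instead of plaintext or md5, a per-session CSRF token, and HTML escaping. The mysqli connection `$db` and the `users` table columns are assumed.

```php
<?php
// Added illustration, not code from edoc-doctor-appointment-system.
// Assumes a mysqli connection $db and a hypothetical `users` table (id, email, name, password_hash).
declare(strict_types=1);

// Login with a bound parameter: the e-mail value never becomes part of the SQL text,
// so a crafted value cannot change the query. password_verify() is constant-time.
function login(mysqli $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, name, password_hash FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc(); // null when no row matches
    $stmt->close();
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return null; // same response for unknown user and wrong password
    }
    return $user;
}

// Registration stores a salted, slow hash (bcrypt by default), never plaintext or md5.
function register(mysqli $db, string $email, string $name, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (email, name, password_hash) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $email, $name, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// CSRF: each state-changing form carries a per-session random token, which the
// handler checks with hash_equals() before acting on the request.
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrfValid(?string $submitted): bool
{
    return $submitted !== null && isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $submitted);
}

// XSS: escape every value echoed into HTML (names, reasons, messages).
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

The CSRF helpers assume session_start() has already been called; embed csrfToken() in a hidden form field and reject the POST when csrfValid($_POST['csrf'] ?? null) is false.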

Orchi1904 commented 1 year ago

Hey HashenUdara,

Thanks for replying! We already saw the other vulnerabilities and briefly mentioned them in our research paper.

I just wanted to ask if you know if your application is being used in a production environment by a team of doctors or something similar? This would be helpful to know for our research paper.

Thanks in advance and good luck with your exams!

HashenUdara commented 1 year ago

Not really. This project is not used in a production environment. For educational purposes only.