Searchsploit Open emr
I decided to open a new terminal and see what exploits I could find for the OpenEmr
Last updated
I decided to open a new terminal and see what exploits I could find for the OpenEmr
Last updated
Normally in a professional pentest environment it would not be conducive to try every exploit as it could disturb normal business operations. One of the exploits I found required me to have authenticated access (which I do not at this point) So I tried to google and see what else I could find.
One interesting source that always popped up was https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf
In section 2 title - Patient Portal Authentication Bypass. The section read "An unauthenticated user is able to bypass the Patient Portal Login by simply navigating to the registration page and modifying the requested url to access the desired page. Some examples of pages in the portal directory that are accessible after browsing to the registration page include"
