itsourcecode Online Clinic Management System SQL Injection Vulnerability in transact.php

Vulnerability

A time-based blind SQL injection vulnerability has been identified in the Online Clinic Management System version 1.0, specifically within the transact.php file. This vulnerability allows remote attackers to manipulate SQL queries by exploiting the firstname parameter, potentially leading to unauthorized access to sensitive information such as administrative credentials. The issue arises because user input is directly incorporated into SQL queries without proper sanitization or parameterization, creating an opportunity for SQL injection attacks.
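The root cause described above, shown as an added example rather than code from the application or the advisory: a hypothetical PHP handler that binds firstname through a prepared statement instead of concatenating it into the query. The table, column and database names, the lastname field, and the clinic_app account are assumptions.

```php
<?php
// Added example, not the application's transact.php. Requires PHP 8+.
// Assumed names: table `patients`, columns `firstname`/`lastname`, database `clinic`.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function clean_name(mixed $raw): string
{
    if (!is_string($raw)) {                 // rejects arrays such as firstname[]=x
        throw new InvalidArgumentException('name must be a string');
    }
    $name = trim($raw);
    // Defense in depth only: letters, marks, space, apostrophe, hyphen; 1-64 chars.
    if (!preg_match('/^[\p{L}\p{M}\' -]{1,64}$/u', $name)) {
        throw new InvalidArgumentException('name has invalid characters or length');
    }
    return $name;
}

function insert_patient(mysqli $db, string $firstname, string $lastname): int
{
    // Pattern the advisory describes (input concatenated into the SQL text):
    //   "INSERT INTO patients (firstname, lastname) VALUES ('$firstname', '$lastname')"
    // Hardened: placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO patients (firstname, lastname) VALUES (?, ?)');
    $stmt->bind_param('ss', $firstname, $lastname);
    $stmt->execute();
    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $first = clean_name($_POST['firstname'] ?? null);
        $last  = clean_name($_POST['lastname'] ?? null);
        // Placeholder credentials; use an account limited to the rights this page needs.
        $db = new mysqli('localhost', 'clinic_app', getenv('CLINIC_DB_PASS') ?: '', 'clinic');
        $db->set_charset('utf8mb4');
        insert_patient($db, $first, $last);
        http_response_code(201);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);            // bad input: reject before touching the DB
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());        // log server-side, reveal nothing to the client
        http_response_code(500);
    }
}
```

The prepared statement is what closes the injection; the allow-list check only narrows what reaches the database and should not be relied on alone.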

Impact

Through time-based blind SQL injection, an attacker can manipulate SQL queries and potentially exfiltrate sensitive data from the database. According to the proof-of-concept available on GitHub, the vulnerability was demonstrated to allow enumeration of the database and dumping of user account information.

Reproduction

The vulnerability can be reproduced by sending a POST request to the transact.php file with a crafted firstname parameter that exploits the SQL injection flaw. This can be done using tools like Burp Suite to intercept and modify the request, or by using sqlmap, a popular SQL injection exploitation tool, to automate the process.

Added: Sep 17, 2025, 9:26 PM
Updated: Sep 17, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.