Rickxy Hospital Management System SQL Injection Vulnerability in Prescription Viewing Functionality
Vulnerability
A SQL injection vulnerability has been identified in the prescription viewing feature of the Rickxy Hospital Management System, version 1.0. The issue is in the file his_doc_view_single_patient.php, where the pat_number GET parameter is not properly sanitized before being included in SQL queries. This flaw allows authenticated attackers with the doctor role to execute arbitrary SQL commands, potentially leading to a complete database compromise and unauthorized access to sensitive medical information, including patient records, prescriptions, and administrative credentials.
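The class of flaw described above, next to its hardened form, as an added example that is not Rickxy source code. The table, columns, rows and the alphanumeric pat_number format are assumptions, and an in-memory SQLite database (PDO) stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example: not the Rickxy source. Table name, columns and rows are
// constructed; in-memory SQLite stands in for the application's database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (pat_number TEXT PRIMARY KEY, pat_name TEXT)');
$db->exec("INSERT INTO patients VALUES ('A1001', 'Patient One'), ('A1002', 'Patient Two')");

// Pattern described in the advisory: the GET value is concatenated into the SQL text.
function lookupConcatenated(PDO $db, string $patNumber): array
{
    $sql = "SELECT pat_name FROM patients WHERE pat_number = '" . $patNumber . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: allow-list the identifier format (assumed alphanumeric here),
// then bind it as a parameter so the value cannot alter the statement structure.
function lookupPrepared(PDO $db, string $patNumber): array
{
    if (preg_match('/\A[A-Za-z0-9]{1,20}\z/', $patNumber) !== 1) {
        throw new InvalidArgumentException('pat_number has an unexpected format');
    }
    $stmt = $db->prepare('SELECT pat_name FROM patients WHERE pat_number = :pat');
    $stmt->execute([':pat' => $patNumber]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed regression-test value containing a quote character.
$probe = "nobody' OR '1'='1";

echo 'concatenated, valid id : ', count(lookupConcatenated($db, 'A1001')), " row(s)\n";
echo 'concatenated, probe    : ', count(lookupConcatenated($db, $probe)), " row(s)\n";
echo 'prepared, valid id     : ', count(lookupPrepared($db, 'A1001')), " row(s)\n";
try {
    lookupPrepared($db, $probe);
} catch (InvalidArgumentException $e) {
    echo 'prepared, probe        : rejected (', $e->getMessage(), ")\n";
}
```

The concatenated lookup returns every row for the probe value because the quote ends the string literal; the prepared lookup rejects the value at validation and would treat it purely as data even without that check.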
Impact
Exploitation of this vulnerability allows for a complete compromise of the application's database. This includes unauthorized access to patient medical records and sensitive healthcare data, violating HIPAA regulations. Additionally, there is a risk of stealing administrative credentials, which could lead to further privilege escalation within the application.
Reproduction
To reproduce this vulnerability, an authenticated user with a doctor role must access the patient prescription viewing feature. Once there, the user can manipulate the pat_number GET parameter by injecting SQL payloads. This can be done by capturing the request to the his_doc_view_single_patient.php endpoint and altering the parameter to include malicious SQL code. The injection can be executed using various techniques, such as time-based, union-based, or boolean-based SQL injection, to extract database information.
