From this webpage screenshot, the following key vulnerability information can be obtained:

- **Vulnerability Type**: Time-Based Blind SQL Injection
- **Affected File**: `transact.php`
- **Parameter**: `firstname` (POST)
- **Vendor**: itsourcecode
- **Product**: Online Clinic Management System v1
- **Software Link**: [https://itsourcecode.com/free-projects/php-project/online-clinic-management-system-php-projects-source-code/](https://itsourcecode.com/free-projects/php-project/online-clinic-management-system-php-projects-source-code/)

### Vulnerability Summary

- The Online Clinic Management System contains a time-based blind SQL injection vulnerability in the `transact.php` script. This vulnerability allows attackers to manipulate SQL queries and steal sensitive data (such as admin credentials), potentially leading to full system compromise.

### Vulnerable Code

```php
$Squery = "INSERT INTO patients (fname, lname, patienttype, age, address) VALUES ('".$_POST['fname']."','".$_POST['lname']."','".$_POST['Stype']."','".$_POST['Sage']."','".$_POST['Saddress']."')";
mysql_query($db,$Squery) or die ("Error in updating Database");
```

### Root Cause

- User input (`$_POST` parameters) is directly inserted into the SQL query without parameterization.
- Affected parameter: `firstname` (POST)

### Evidence

- SQLMap output demonstrates the exploitation process and results.

### Proof of Concept

1. **Request in Burp Suite**
   - A normal patient addition attempt was intercepted using Burp Suite.
   - The original request was saved to a file for SQLMap testing.
2. **SQLMap Dump**
   - SQLMap was run using the Burp request file.
   - SQLMap confirmed the injection point.

### Results

- The server responded with a 5-second delay, confirming a successful time-based injection.
- SQLMap was able to enumerate the database (`198098003_suarezclinicdb`) and dump the `useraccounts` table.
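
One way to close the root cause described above, as an added example (not the vendor's code and not part of the original report): the same `INSERT` written with PDO placeholders, so the POST values are bound as data instead of being concatenated into the SQL text. It assumes an in-memory SQLite database in place of the application's MySQL server so that it runs offline; the function name `addPatient` and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: parameterized form of the patient INSERT from transact.php.
// Assumption: in-memory SQLite stands in for the application's MySQL database.
// With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server performs the binding.

function addPatient(PDO $db, array $post): int
{
    // Validate the one numeric field and reject bad values instead of coercing.
    $age = filter_var($post['Sage'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }

    // The SQL text is fixed; the values travel separately and are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO patients (fname, lname, patienttype, age, address)
         VALUES (:fname, :lname, :ptype, :age, :address)'
    );
    $stmt->execute([
        ':fname'   => (string)($post['fname'] ?? ''),
        ':lname'   => (string)($post['lname'] ?? ''),
        ':ptype'   => (string)($post['Stype'] ?? ''),
        ':age'     => $age,
        ':address' => (string)($post['Saddress'] ?? ''),
    ]);
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT,
           patienttype TEXT, age INTEGER, address TEXT)');

// Constructed input: a first name containing quote and comment characters.
$post = ['fname' => "Ann'); -- x", 'lname' => 'Lee', 'Stype' => 'outpatient',
         'Sage' => '34', 'Saddress' => '1 Example St'];
$id = addPatient($db, $post);

// The value is stored byte-for-byte as data and exactly one row exists.
$check = $db->prepare('SELECT fname FROM patients WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $post['fname']);
var_dump((int)$db->query('SELECT COUNT(*) FROM patients')->fetchColumn());
```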