From this webpage screenshot, we can extract the following key information about the vulnerability:

- **Vulnerability Type**: Time-Based Blind SQL Injection
- **Affected File**: editp3.php
- **Parameter**: firstname (POST)
- **Vendor**: itsourcecode
- **Product**: Online Clinic Management System v1
- **Software Link**: https://itsourcecode.com/free-projects/php-project/online-clinic-management-system-php-projects-source-code/

### Vulnerability Summary

- The Online Clinic Management System contains a time-based blind SQL injection vulnerability in the `editp3.php` script.
- This vulnerability allows attackers to manipulate SQL queries and steal sensitive data (such as admin credentials), potentially leading to full system compromise.

### Vulnerable Code

```php
$z2 = $_POST['id'];
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$type = $_POST['type'];
$age = $_POST['age'];
$address = $_POST['address'];
$query = "UPDATE patients set fname='".$fname."', lname='".$lname."', patient_type='".$type."', age='".$age."', address='".$address."' WHERE patient_id='".$z2."'";
$result = mysql_query($query) or die(mysql_error($db));
```

### Critical Issue Points

- User-supplied data (`$_POST`) is directly concatenated into the SQL string.
- No escaping, sanitization, or use of prepared statements is implemented.
- This allows attackers to inject arbitrary SQL code via parameters such as `firstname`.

### Evidence: sqlmap Output

The screenshot displays sqlmap tool output, confirming the existence of the vulnerability.

### Proof of Concept

1. **Request in Burp Suite**
   - Intercept a normal patient detail editing request using Burp Suite.
   - Save the original request to a file for sqlmap testing.
2. **sqlmap Export**
   - Run sqlmap using the Burp request file.
   - sqlmap confirms the injection point.
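
A hardened form of the `editp3.php` update shown under Vulnerable Code, as an added example and not code from the project: the same columns are written through a prepared statement, so `firstname` and the other fields are bound as data instead of concatenated into the SQL string. It assumes PDO with an in-memory SQLite table so that it runs offline (the application itself uses MySQL); the function name `updatePatient` and the sample row and request are constructed for illustration.

```php
<?php
// Added example: parameterized replacement for the concatenated UPDATE in editp3.php.
// Assumption: an in-memory SQLite database stands in for the application's MySQL server.
declare(strict_types=1);

function updatePatient(PDO $db, array $post): int
{
    // Numeric fields are validated as integers before they reach the database.
    $id  = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $age === false || $age < 0 || $age > 150) {
        throw new InvalidArgumentException('invalid id or age');
    }

    // Placeholders keep the statement text fixed; values travel separately.
    $stmt = $db->prepare(
        'UPDATE patients SET fname = :fname, lname = :lname, patient_type = :type,
                age = :age, address = :address WHERE patient_id = :id'
    );
    $stmt->execute([
        ':fname'   => (string)($post['firstname'] ?? ''),
        ':lname'   => (string)($post['lastname'] ?? ''),
        ':type'    => (string)($post['type'] ?? ''),
        ':age'     => $age,
        ':address' => (string)($post['address'] ?? ''),
        ':id'      => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed schema and row, using the column names from the vulnerable query.
$db = new PDO('sqlite::memory:');
// Failures raise exceptions server-side instead of echoing database errors to the client.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (patient_id INTEGER PRIMARY KEY, fname TEXT,
           lname TEXT, patient_type TEXT, age INTEGER, address TEXT)');
$db->exec("INSERT INTO patients VALUES (1, 'Ann', 'Lee', 'Student', 20, 'Old St')");

// Constructed request: firstname carries a quote and a SQL fragment.
$post = ['id' => '1', 'firstname' => "Ann', lname='changed", 'lastname' => 'Lee',
         'type' => 'Student', 'age' => '21', 'address' => 'New St'];
$updated = updatePatient($db, $post);

// The fragment is stored verbatim in fname; lname keeps the value from the lastname field.
$row = $db->query('SELECT fname, lname, age FROM patients WHERE patient_id = 1')
          ->fetch(PDO::FETCH_ASSOC);
var_dump($updated, $row);
```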