Bayanno Hospital Management System v4.2 Stored XSS Injection

2019.04.23

QUIXSS (RU)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[*] :: Title: Bayanno Hospital Management System v4.2 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-23
[*] :: Software: Bayanno Hospital Management System v4.2
  
[?] :: Technical Details & Description:
# Weak security measures like no input fields data filtering has been discovered in the «Bayanno Hospital Management System». Current version of this web-application is 4.2.

[?] :: Demo Website:
# https://codecanyon.net/item/bayanno-hospital-management-system/5814621
# Frontend: http://creativeitem.com/demo/bayanno/
# Backend: http://creativeitem.com/demo/bayanno/index.php/login
# Login: admin@example.com, Password: 1234

[!] :: PoC Payload:
# "><script>alert('QUIXSS')</script>
# http://creativeitem.com/demo/bayanno/index.php/admin/dashboard

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests: http://creativeitem.com/demo/bayanno/index.php/login (login / password is admin@example.com / 1234). Then go to the settings page: http://creativeitem.com/demo/bayanno/index.php/admin/system_settings and save your payload in the «System Name» and/or «System Title» input fields.
# Almost each input field is vulnerable for Stored XSS Injection.

References:

https://codecanyon.net/item/bayanno-hospital-management-system/5814621

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Bayanno Hospital Management System v4.2 Stored XSS Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.