Doctor Appointment System 1.0 Cross Site Scripting

2021.02.28
Credit: Soham Bakore
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

# Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in comment parameter
# Date: 26-02-2021
# CVE: CVE-2021-27317
# Exploit Author: Soham Bakore
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php <http://host/patient/search_result.php>

Vulnerable Issue:
-----------------
The comment parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the comment parameter, enter the following payload to execute arbitrary JavaScript code: '</script><svg/onload=alert(document.cookie)>
3] This can be used to steal cookies or perform phishing attacks on the web application

------------------

# Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in lastname parameter
# Date: 26-02-2021
# CVE: CVE-2021-27318
# Exploit Author: Soham Bakore
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0

Vulnerable File:
----------------
http://host/doctorappointment/contactus.php <http://host/patient/search_result.php>

Vulnerable Issue:
-----------------
The lastname parameter has no input validation.

POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the lastname parameter, enter the following payload to execute arbitrary JavaScript code: '</script><svg/onload=alert(document.cookie)>
3] This can be used to steal cookies or perform phishing attacks on the web application
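
Mitigation sketch for both parameters, as an added example that is not part of the advisory and not the application's own code: it validates lastname against an allowlist and encodes each value for the context it is written into. The reflection context (a single-quoted string inside an inline script block) is an assumption inferred from the shape of the payload above, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; not code from Doctor Appointment System.
// All function names below are hypothetical.

/** Allowlist check for a name field: letters, marks, space, apostrophe, dot, hyphen. */
function valid_lastname(string $v): bool
{
    return preg_match('/^[\p{L}\p{M}\' .-]{1,64}$/u', $v) === 1;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function html_text(string $v): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a JavaScript string literal for use inside an inline <script>. */
function js_literal(string $v): string
{
    // JSON_HEX_* turn < > & ' " into \uXXXX escapes, so the value can close
    // neither the string literal nor the surrounding script element.
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed input: the advisory's payload as it would arrive in a POST field.
$input = "'</script><svg/onload=alert(document.cookie)>";

// Assumed vulnerable pattern: raw reflection into a single-quoted JS string.
$vulnerable = "<script>var msg = '" . $input . "';</script>";

// Hardened: the encoder matches the output context.
$safeScript = '<script>var msg = ' . js_literal($input) . ';</script>';
$safeHtml   = '<p>' . html_text($input) . '</p>';

// Validation rejects the payload, but a legitimate name such as O'Brien
// contains an apostrophe, so output encoding is still required.
echo 'payload accepted as lastname: ', var_export(valid_lastname($input), true), "\n";
echo 'O\'Brien accepted as lastname: ', var_export(valid_lastname("O'Brien"), true), "\n";
echo $vulnerable, "\n", $safeScript, "\n", $safeHtml, "\n";
```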



Copyright 2021, cxsecurity.com

 
