Clinic Queuing System - XSS

2023.04.15

Credit: Eren Arslan

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Title : Clinic Queuing System - XSS
# Author : @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html
# CVE: N/A
Used Payload :
"><script>(/eawhitehat is here/)</script>
Admin account :
Username: admin
Password: sourcecodester&123
Method :
Connect to panel : http://localhost/login.php
#Vulnerabîlity
1. After login with admin account, go to http://localhost/?page=manage_patient (+ Add Record)
2. Add the payload : "><script>(/eawhitehat is here/)</script> in ""Fullname", "Contact" and Save
3. After page reloaded your XSS Loaded
Enjoy !

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Clinic Queuing System - XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.