Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS

vendor:

Online Doctor Appointment System

by:

Mohamed habib Smidi (Craniums)

5.4

CVSS

MEDIUM

Stored XSS

CWE

Product Name: Online Doctor Appointment System

Affected Version From: Version 1

Affected Version To: Version 1

Patch Exists: NO

Related CWE: CVE-2021-25791

CPE: a:online_doctor_appointment_system:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2021

Online Doctor Appointment System 1.0 – ‘Multiple’ Stored XSS

The exploit allows an attacker to inject malicious script code into the 'First Name', 'Last Name', and 'Address' fields during the profile update process. This results in the execution of the payload each time a new page is visited or the profile is updated.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented on the affected fields to prevent the execution of malicious scripts.

Source

Exploit-DB raw data:

# Exploit Title: Online Doctor Appointment System  1.0 - 'Multiple' Stored XSS
# Tested on: Windows 10
# Exploit Author: Mohamed habib Smidi (Craniums)
# Date: 2021-01-08
# Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14663&title=Online+Doctor+Appointment+System+in+PHP+with+Full+Source+Code
# Affected Version: Version 1
# CVE : CVE-2021-25791

Step 1: Login to the doctor account in http://TARGET/doctorappointmentsystem/adminlogin.php
Step 2: then Click on the username and go to profile
Step 3: Click on Update profile.
Step 4: Input "<script>alert("craniums")</script>"  in the field First Name,Last Name and Address.
Step 5: This Will trigger the payload each time you update or visit a new page.