Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)

vendor:

Dental Clinic Appointment Reservation System

by:

Reza Afsahi

8.8

CVSS

HIGH

Persistent Cross Site Scripting

CWE

Product Name: Dental Clinic Appointment Reservation System

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: N/A

Related CWE: N/A

CPE: a:sourcecodester:dental_clinic_appointment_reservation_system:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux parrot

2021

Dental Clinic Appointment Reservation System 1.0 – ‘Firstname’ Persistent Cross Site Scripting (Authenticated)

The web application allows member to inject persistent Cross-Site-Scripting payload which will be executed in both member and Admin panel. An attacker can create an account and login as a member, inject a payload into the Firstname input, fill other inputs as desired, and click the Update button. The payload will be executed when the Admin visits the members page in their Dashboard, allowing the attacker to take over the Admin account.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)
# Date: 14-05-2021
# Exploit Author: Reza Afsahi
# Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=6848&title=Dental+Clinic+Appointment+Reservation+System+in+PHP+with+Source+Code
# Version: 1.0
# Tested on: Linux parrot

# --- Description --- #

# The web application allows member to inject persistent Cross-Site-Scripting payload which will be executed in both member and Admin panel  

# --- Proof of concept --- #

1- Create account and login as member and go to:  http://localhost/APR/edit_info.php
2- Inject this payload into Firstname input : <script>alert(document.cookie)</script>
4- and fill other inputs as you want (Other inputs might be vulnerable as well) then click on Update button.
5- refresh the page and Xss popup will be triggered.

6- Now if Admin visit this page in his/her Dashboard : http://localhost/APR/admin/members.php
7- Our Xss payload will be executed on Admin Browser

** Attacker can use this vulnerability to take over Admin account **