Hospital-Management-System

Persistent cross-site scripting (XSS) targeted towards web admin through /admin-panel1.php via the parameter "special".

Open tuando243 opened this issue 2 years ago • 0 comments

Add the Doctor info payload to the Doctor Special field of the Add Doctor page to target /admin-panel1.php, then use Burp Suite to get the request data and change the 'special' parameter to an XSS payload.

Steps to exploit:

  1. Navigate to http://hospital.com/admin-panel1.php
  2. Click 'Add Doctors', use Burp Suite to insert an XSS payload in the "special" parameter
  3. Click "Add Doctors"

Screenshot 2022-03-29 at 16 34 01

Screenshot 2022-03-29 at 16 34 32

Proof of concept (Poc):

tuando243 Mar 29 '22 09:03
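The fix pattern for the behaviour reported above, as an added example that is not part of the original issue or the project's code: the "special" value is checked server-side (the report changes it in transit, so the browser form is not a control) and HTML-encoded wherever it is rendered. The function names, the allow-list contents and the row layout are assumptions, since the application's source is not shown on this page.

```php
<?php
declare(strict_types=1);

// Assumed allow-list: the application's real list of specializations is not on the page.
const ALLOWED_SPECIALS = ['General', 'Cardiologist', 'Neurologist', 'Pediatrician'];

/** Server-side check (hypothetical helper): reject any value outside the allow-list. */
function validate_special(string $special): string
{
    $special = trim($special);
    if (!in_array($special, ALLOWED_SPECIALS, true)) {
        throw new InvalidArgumentException('Unknown specialization');
    }
    return $special;
}

/** Encode at output time so rows stored before the fix are rendered as text too. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical renderer for one row of the admin panel's doctor list. */
function render_doctor_row(array $doctor): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td></tr>',
        h($doctor['name']),
        h($doctor['special'])
    );
}

// Constructed sample input: harmless markup standing in for a value altered in transit.
$submitted = ['name' => 'Dr. Example', 'special' => '<b>not-a-specialization</b>'];

try {
    validate_special($submitted['special']);
    echo "accepted\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected on input: ', $e->getMessage(), "\n";
}

// Even if such a value is already in the database, the row renders it as inert text.
echo render_doctor_row($submitted), "\n";
```

Validation alone does not clean rows that were stored earlier, which is why the encoding step sits in the renderer rather than in the insert path.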