Submission #49686: Online Medicine Ordering System - Stored XSS
Information

Title: Online Medicine Ordering System - Stored XSS

Description:

# Exploit Title: Online Medicine Ordering System - Stored XSS
# Exploit Author: Namit Sangidwar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache

Description:-
A Stored XSS issue in Online Medicine Ordering System v.1.0 allows injecting arbitrary JavaScript in Edit in "First Name", "Middle Name" and "Last Name".

Payload used:-
<script>confirm (document.cookie)</script>

Vulnerable Parameter:-
First Name
Middle Name
Last Name

Steps to reproduce:-
1. Here we log in as an admin account.
2. Now go to "http://localhost/omos/admin/?page=user/list"; here we create a user.
3. While filling in our details, we put our payload in the parameters below:
   a) First Name
   b) Middle Name
   c) Last Name
   Payload: <script>confirm (document.cookie)</script>
4. Now as we save the user details, our payload is triggered.

User: Namit13 (UID 34433)
Submitted: 25/10/2022 08:12 PM (3 years ago)
Moderation: 27/10/2022 09:51 AM (2 days later)
Status: Accepted
VulDB entry: 212347 [SourceCodester Online Medicine Ordering System 1.0 list First Name/Middle Name/Last Name cross site scripting]
Points: 17
