| Title | Online Medicine Ordering System - Stored XSS |
|---|
| Description | # Exploit Title: Online Medicine Ordering System - Stored XSS
# Exploit Author: Namit Sangidwar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A stored XSS issue in Online Medicine Ordering System v1.0 allows injection of arbitrary JavaScript in Edit via the "First Name", "Middle Name" and "Last Name" fields.
Payload used:-
<script>confirm (document.cookie)</script>
Vulnerable Parameter:-
First Name
Middle Name
Last Name
Steps to reproduce:-
1. Log in with an admin account.
2. Go to "http://localhost/omos/admin/?page=user/list" and create a user.
3. While filling in the details, put the payload in the parameters below:
a) First Name
b) Middle Name
c) Last Name
Payload: <script>confirm (document.cookie)</script>
4. When the user details are saved, the payload is triggered. |
|---|
| User | Namit13 (UID 34433) |
|---|
| Submission | 25.10.2022 20:12 (3 years ago) |
|---|
| Moderation | 27.10.2022 09:51 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 212347 [SourceCodester Online Medicine Ordering System 1.0 list First Name/Middle Name/Last Name Cross Site Scripting] |
|---|
| Points | 17 |
|---|
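
One mitigation for the issue reported above is to encode the stored name fields at the point where they are written into HTML. The following PHP is an added example, not code from the application or from the report; the function names and the array keys (`firstname`, `middlename`, `lastname`) are assumptions, and the sample record is constructed.

```php
<?php
// Added example: hypothetical rendering of one row of the admin user list.
// Function and array key names are assumptions, not taken from the application.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe: stored name fields are concatenated into markup as-is. */
function render_user_row_unsafe(array $user): string
{
    $name = trim($user['firstname'] . ' ' . $user['middlename'] . ' ' . $user['lastname']);
    return '<tr><td>' . $name . '</td></tr>';
}

/** Hardened: every stored field is encoded at the point of output. */
function render_user_row_safe(array $user): string
{
    $parts = array_filter(
        [$user['firstname'] ?? '', $user['middlename'] ?? '', $user['lastname'] ?? ''],
        static fn (string $p): bool => $p !== ''
    );
    return '<tr><td>' . h(implode(' ', $parts)) . '</td></tr>';
}

// Constructed record using the payload from the report in one field.
$user = [
    'firstname'  => '<script>confirm (document.cookie)</script>',
    'middlename' => 'Q',
    'lastname'   => "O'Neil",
];

echo render_user_row_unsafe($user), PHP_EOL; // script element reaches the browser intact
echo render_user_row_safe($user), PHP_EOL;   // angle brackets and quotes become entities
```

Encoding on output covers values already stored in the database as well as new input. Marking the session cookie HttpOnly additionally keeps it out of `document.cookie`.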