| タイトル | PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 説明 | # [XSS vulnerability] found in Hospital Management System (HMS) 4.0 - (search.php)
Affected Project: **Hospital Management System (HMS)**
Platform: Web/Php
Vendor: PHPGurukul
Official Website: (https://phpgurukul.com/hospital-management-system-in-php/)
Version: 4.0
Updated: 16 May 2024
Vulnerable path/file: hms/doctor/search.php
Injection parameter: searchdata
Size: 16.7 MB
Sha256: 705263fd0533fde4c8c4d332bf943ea66de98645262cc896f415c897e824455a
## Vulnerability Description:
The code is vulnerable in search.php because it directly outputs user input ($_POST['searchdata']) into the HTML without any form of sanitization or encoding. This means that if a user submits HTML or JavaScript code within these fields, it will be rendered directly in the HTML output, executing any embedded JavaScript.
This allows an attacker to inject arbitrary HTML or JavaScript code leading to an XSS attack.
## Vulnerable code:
if(isset($_POST['search']))
{
$sdata=$_POST['searchdata'];
?>
<h4 align="center">Result against "<?php echo $sdata;?>" keyword </h4>
## Injection Payload Tested:
<script>alert('XSS')</script>
## Execution:
When the browser parses the payload `<script>alert('XSS')</script>` code, results in a popup displaying `"XSS"`.
## Demonstration:
Below is how `search.php` looks like:
https://i.postimg.cc/KjpFrrBg/1.png
In the `Search by Name/Mobile No.` we need to add our payload `"></script><script>alert('XSS')</script>` and then click the `Search` button to trigger the XSS popup.
https://i.postimg.cc/52C1Lz06/3.png
This is how the request looks like:
https://i.postimg.cc/MGJwDGMt/2.png
## Recommendation for Preventing XSS:
To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like htmlspecialchars() in PHP to encode special characters.
Example:
if (isset($_POST['search'])) {
$sdata = htmlspecialchars($_POST['searchdata'], ENT_QUOTES, 'UTF-8');
echo "<h4 align='center'>Result against \"$sdata\" keyword </h4>";
}
> One Click Can Change Everything: Be Secure. |
|---|
| ソース | ⚠️ https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md |
|---|
| ユーザー | secuserx (UID 76735) |
|---|
| 送信 | 2024年11月03日 16:48 (2 年 ago) |
|---|
| モデレーション | 2024年11月04日 18:45 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 283031 [PHPGurukul Hospital Management System 4.0 hms/doctor/search.php searchdata クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|