| Title | SourceCodester Clinics Patient Management System 2.0 Cross Site Scripting |
|---|
| Description | A reflected XSS vulnerability was discovered in Sourcecodester's Clinic's Patient Management System - PHP 2.0 via the message parameter.
Affected Project: https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Official Website: Sourcecodester Clinic's Patient Management System
Version: 2.0
Related Code: /users.php, Line Number: 256-259
Parameter: /users.php?message=hello
POC:
1. Download and setup the Clinic's Patient Management System - PHP 2.0
2. Log in to the account and go to "/users.php?message=hello"
3. Now replace the message parameter value with the XSS payload
"><img src=x onerror=alert()>
4. Observe the reflected XSS
Direct link click after login: (for more details check advisory link)
5. http://192.168.95.115/users.php?message="><img src=x onerror=alert()>
|
|---|
| Source | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic039;s-Patient-Management-System-Reflected-XSS.md |
|---|
| User | guru (UID 74056) |
|---|
| Submission | 2024. 09. 04. PM 12:07 (2 years ago) |
|---|
| Moderation | 2024. 09. 06. PM 11:22 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 276773 [SourceCodester Clinics Patient Management System 2.0 /users.php message cross site scripting] |
|---|
| Points | 20 |
|---|