| 제목 | PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | # [XSS vulnerability] found in Hospital Management System (HMS) 4.0 - (search.php)
Affected Project: **Hospital Management System (HMS)**
Platform: Web/Php
Vendor: PHPGurukul
Official Website: (https://phpgurukul.com/hospital-management-system-in-php/)
Version: 4.0
Updated: 16 May 2024
Vulnerable path/file: hms/doctor/search.php
Injection parameter: searchdata
Size: 16.7 MB
Sha256: 705263fd0533fde4c8c4d332bf943ea66de98645262cc896f415c897e824455a
## Vulnerability Description:
The code is vulnerable in search.php because it directly outputs user input ($_POST['searchdata']) into the HTML without any form of sanitization or encoding. This means that if a user submits HTML or JavaScript code within these fields, it will be rendered directly in the HTML output, executing any embedded JavaScript.
This allows an attacker to inject arbitrary HTML or JavaScript code leading to an XSS attack.
## Vulnerable code:
if(isset($_POST['search']))
{
$sdata=$_POST['searchdata'];
?>
<h4 align="center">Result against "<?php echo $sdata;?>" keyword </h4>
## Injection Payload Tested:
<script>alert('XSS')</script>
## Execution:
When the browser parses the payload `<script>alert('XSS')</script>` code, results in a popup displaying `"XSS"`.
## Demonstration:
Below is how `search.php` looks like:
https://i.postimg.cc/KjpFrrBg/1.png
In the `Search by Name/Mobile No.` we need to add our payload `"></script><script>alert('XSS')</script>` and then click the `Search` button to trigger the XSS popup.
https://i.postimg.cc/52C1Lz06/3.png
This is how the request looks like:
https://i.postimg.cc/MGJwDGMt/2.png
## Recommendation for Preventing XSS:
To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like htmlspecialchars() in PHP to encode special characters.
Example:
if (isset($_POST['search'])) {
$sdata = htmlspecialchars($_POST['searchdata'], ENT_QUOTES, 'UTF-8');
echo "<h4 align='center'>Result against \"$sdata\" keyword </h4>";
}
> One Click Can Change Everything: Be Secure. |
|---|
| 원천 | ⚠️ https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md |
|---|
| 사용자 | secuserx (UID 76735) |
|---|
| 제출 | 2024. 11. 03. PM 04:48 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 11. 04. PM 06:45 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 283031 [PHPGurukul Hospital Management System 4.0 hms/doctor/search.php searchdata 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|