Submission #436547: PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax

Title: PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax
Description:

# [XSS vulnerability] found in Hospital Management System (HMS) 4.0 - (betweendates-detailsreports.php)

Affected Project: **Hospital Management System (HMS)**
Platform: Web/PHP
Vendor: PHPGurukul
Official Website: https://phpgurukul.com/hospital-management-system-in-php/
Version: 4.0
Updated: 16 May 2024
Vulnerable path/file: hms/admin/betweendates-detailsreports.php
Injection parameters: `fromdate`, `todate`
Size: 16.7 MB
Sha256: 705263fd0533fde4c8c4d332bf943ea66de98645262cc896f415c897e824455a

## Vulnerability Description

The parameters `$fdate` and `$tdate` are vulnerable to XSS because they take user input from the `$_POST` array and output it directly to the page without any sanitization or encoding. If a user submits HTML or JavaScript in these fields, it is rendered directly in the HTML output and any embedded JavaScript executes. This allows an attacker to inject arbitrary HTML or JavaScript, leading to an XSS attack.

## Vulnerable code

```php
$fdate=$_POST['fromdate'];
$tdate=$_POST['todate'];
?>
<h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5>
```

## Injection Payload Tested

Set `fromdate` and `todate` to:

```html
<script>alert('XSS')</script>
```

## Execution

When the browser parses the response to this `POST` request, it executes `<script>alert('XSS')</script>`, resulting in a popup displaying `"XSS"`.

## Demonstration

Below is how `betweendates-detailsreports.php` looks:

https://i.postimg.cc/HnXLvmhw/1.png

Since the page is reached by a POST request, a file `test_form.html` with the following content is used to trigger the XSS popup:

```html
<form method="POST" action="http://localhost/hospital/hms/admin/betweendates-detailsreports.php">
  <input type="text" name="fromdate" value="<script>alert('XSS')</script>">
  <input type="text" name="todate" value="<script>alert('XSS')</script>">
  <input type="submit" value="Submit">
</form>
```

Then open it in the browser, for example:

file:///home/username/Desktop/test_form.html

https://i.postimg.cc/T2gY6Rtm/2.png

Before submitting the POST request we must be logged in. Default login info:

Url: http://localhost/hospital/hms/admin/index.php
Username: admin
Password: Test@12345

After submitting the payload via POST with the vulnerable parameters `fromdate` and `todate` and the XSS payload `"><script>alert('XSS')</script>`, XSS is triggered:

https://i.postimg.cc/B6fkcG29/3.png

After clicking OK, the next POST request is executed and XSS is triggered again:

https://i.postimg.cc/5N2GmgQ0/4.png

## Recommendation for Preventing XSS

To fix this vulnerability, user input must always be sanitized by encoding it before it is rendered in HTML. In PHP, `htmlspecialchars()` encodes the special characters. Example:

```php
$fdate = htmlspecialchars($_POST['fromdate'], ENT_QUOTES, 'UTF-8');
$tdate = htmlspecialchars($_POST['todate'], ENT_QUOTES, 'UTF-8');
?>
<h5 align="center" style="color:blue">Report from <?php echo $fdate ?> to <?php echo $tdate ?></h5>
```

> One Click Can Change Everything: Be Secure.
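A fuller version of the recommended fix, added here as an example rather than code from the HMS project or the original advisory: it rejects any `fromdate`/`todate` value that is not a well-formed YYYY-MM-DD date before use, and still encodes the accepted values on output with `htmlspecialchars()`. The function names (`parseReportDate`, `h`, `renderReportHeading`) and the sample inputs are assumptions for illustration.

```php
<?php
// Added example (not HMS project code). Hardens the report heading of
// betweendates-detailsreports.php in two layers:
//   1. validate that each date is a real YYYY-MM-DD value and reject anything else,
//   2. encode on output with htmlspecialchars() so any remaining text is inert in HTML.

/** Return the date if it is a valid YYYY-MM-DD string, otherwise null. */
function parseReportDate($value): ?string
{
    // Missing fields and arrays (fromdate[]=...) are rejected, not coerced.
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    // Strict round-trip check also rejects impossible dates such as 2024-02-30.
    $dt = DateTime::createFromFormat('Y-m-d', $value);
    if ($dt === false || $dt->format('Y-m-d') !== $value) {
        return null;
    }
    return $value;
}

/** HTML-encode a value for insertion into element content or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Build the report heading, or an error heading, from the raw POST array. */
function renderReportHeading(array $post): string
{
    $fdate = parseReportDate($post['fromdate'] ?? null);
    $tdate = parseReportDate($post['todate'] ?? null);
    if ($fdate === null || $tdate === null) {
        // Validation failure: never echo the rejected input back into the page.
        return '<h5 align="center" style="color:red">Invalid date range supplied.</h5>';
    }
    if ($fdate > $tdate) { // YYYY-MM-DD strings compare correctly as text
        return '<h5 align="center" style="color:red">From-date must not be after to-date.</h5>';
    }
    // Both values are known-good dates; encoding is still applied as defence in depth.
    return '<h5 align="center" style="color:blue">Report from ' . h($fdate)
         . ' to ' . h($tdate) . '</h5>';
}

// Constructed sample inputs: the advisory's payload and a legitimate range.
$payload = ['fromdate' => "<script>alert('XSS')</script>", 'todate' => '2024-05-16'];
$good    = ['fromdate' => '2024-05-01', 'todate' => '2024-05-16'];
echo renderReportHeading($payload), "\n"; // rejected: the payload never reaches the HTML
echo renderReportHeading($good), "\n";    // accepted and rendered encoded
```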
Source: https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md
User: secuserx (UID 76735)
Submitted: 03/11/2024 16:31 (2 years ago)
Moderated: 04/11/2024 18:45 (1 day later)
Status: Accepted
VulDB Entry: 283030 [PHPGurukul Hospital Management System 4.0 betweendates-detailsreports.php fromdate/todate Cross Site Scripting]
Points: 20
