| Título | PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| Descrição | # [XSS vulnerability] found in Hospital Management System (HMS) 4.0 - (patient-search.php)
Affected Project: **Hospital Management System (HMS)**
Platform: Web/Php
Vendor: PHPGurukul
Official Website: (https://phpgurukul.com/hospital-management-system-in-php/)
Version: 4.0
Updated: 16 May 2024
Vulnerable path/file: hms/admin/patient-search.php
Injection parameter: patient-search.php
Size: 16.7 MB
Sha256: 705263fd0533fde4c8c4d332bf943ea66de98645262cc896f415c897e824455a
<br />
## Vulnerability Description:
The code is vulnerable in patient-search.php because it directly outputs user input ($_POST['searchdata']) into the HTML without any form of sanitization or encoding. This means that if a user submits HTML or JavaScript code within these fields, it will be rendered directly in the HTML output, executing any embedded JavaScript.
This allows an attacker to inject arbitrary HTML or JavaScript code leading to an XSS attack.
## Vulnerable code:
if(isset($_POST['search']))
{
$sdata=$_POST['searchdata'];
?>
<h4 align="center">Result against "<?php echo $sdata;?>" keyword </h4>
## Injection Payload Tested:
<script>alert('XSS')</script>
## Execution:
When the browser parses the payload `<script>alert('XSS')</script>` code, results in a popup displaying `"XSS"`.
## Demonstration:
Below is how `patient-search.php` looks like:
https://i.postimg.cc/BQFQc28d/1.png
In the `Search by Name/Mobile No.` we need to add our payload "></script><script>alert('XSS')</script> and then click the `Search` button to trigger the XSS popup.
https://i.postimg.cc/Qx6G7tmR/3.png
This is how the request looks like:
https://i.postimg.cc/J75W1Kk7/2.png
## Recommendation for Preventing XSS:
To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like htmlspecialchars() in PHP to encode special characters.
Example:
if (isset($_POST['search'])) {
$sdata = htmlspecialchars($_POST['searchdata'], ENT_QUOTES, 'UTF-8');
echo "<h4 align='center'>Result against \"$sdata\" keyword </h4>";
}
> One Click Can Change Everything: Be Secure. |
|---|
| Fonte | ⚠️ https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(patient-search.php).md |
|---|
| Utilizador | secuserx (UID 76735) |
|---|
| Submissão | 03/11/2024 16h34 (há 2 anos) |
|---|
| Moderação | 04/11/2024 18h43 (1 day later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 212444 [Hospital Management System 4.0 patient-search.php Script de Site Cruzado] |
|---|
| Pontos | 0 |
|---|