| Title | Online Medicine Ordering System - Stored XSS |
|---|
| Description | # Exploit Title: Online Medicine Ordering System - Stored XSS
# Exploit Author: Namit Sangidwar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A stored XSS issue in Online Medicine Ordering System v1.0 allows arbitrary JavaScript to be injected through the "First Name", "Middle Name" and "Last Name" fields of the Edit form.
Payload used:-
<script>confirm (document.cookie)</script>
Vulnerable Parameter:-
First Name
Middle Name
Last Name
Steps to reproduce:-
1. Log in with an admin account.
2. Go to "http://localhost/omos/admin/?page=user/list" and create a user.
3. While filling in the details, put the payload in the parameters below:
a) First Name
b) Middle Name
c) Last Name
Payload: <script>confirm (document.cookie)</script>
4. When the user details are saved, the payload is triggered. |
|---|
| User | Namit13 (UID 34433) |
|---|
| Submission | 10/25/2022 20:12 (3 years ago) |
|---|
| Moderation | 10/27/2022 09:51 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 212347 [SourceCodester Online Medicine Ordering System 1.0 list First Name/Middle Name/Last Name cross site scripting] |
|---|
| Points | 17 |
|---|
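
The stored XSS described above is closed by encoding the name fields at the point where they are written into HTML, with input validation as a second layer. The following PHP is an added example, not code from the submission or from the application itself; the array keys `firstname`, `middlename`, `lastname` and all function names are assumptions, and the sample record is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for an HTML text or attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical input check for a name field: must start with a letter, then
// letters, combining marks, spaces, dot, apostrophe or hyphen (max 100 chars).
// Validation is defence in depth only; output encoding is the actual fix.
function is_plausible_name(string $value): bool
{
    return preg_match("/^[\\p{L}\\p{M}][\\p{L}\\p{M} .'\\-]{0,99}$/u", $value) === 1;
}

// Vulnerable pattern: stored values are concatenated straight into markup,
// so a stored <script> element reaches the browser intact.
function render_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['firstname'] . ' ' . $user['middlename'] . ' '
        . $user['lastname'] . '</td></tr>';
}

// Hardened pattern: every stored value is encoded on output, so markup
// characters are shown as text instead of being parsed as HTML.
function render_row_safe(array $user): string
{
    $full = trim($user['firstname'] . ' ' . $user['middlename'] . ' ' . $user['lastname']);
    return '<tr><td>' . e($full) . '</td></tr>';
}

// Constructed sample record (column names assumed) using the payload from the report.
$payload = '<script>confirm (document.cookie)</script>';
$user = ['firstname' => $payload, 'middlename' => 'Q', 'lastname' => "O'Neil"];

echo render_row_unsafe($user), PHP_EOL; // script element survives as markup
echo render_row_safe($user), PHP_EOL;   // angle brackets and quotes are entity-encoded
var_dump(is_plausible_name($payload));  // rejected by the input check
var_dump(is_plausible_name("O'Neil"));  // accepted
```

Encoding has to be applied on every page that displays these fields, since a value stored before the fix stays in the database.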