Lucene search
Sandeep Vishwakarma1337DAY-ID-39514HistoryApr 02, 2024 - 12:00 a.m.
Hospital Management System v1.0 - Stored Cross Site Scripting Vulnerability
2024-04-0200:00:00
Sandeep Vishwakarma
0day.today
30
vulnerability
cross site scripting
hospital management system
arbitrary code execution
crafted payload
receptionist component
patient information
windows 10
cve-2024-29412
# Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
# Exploit Author: Sandeep Vishwakarma
# Vendor Homepage: https://code-projects.org
# Software Link: https://code-projects.org/hospital-management-system-in-php-css-javascript-and-mysql-free-download/
# Version: v1.0
# Tested on: Windows 10
# CVE : CVE-2024-29412
# Description: Stored Cross Site Scripting vulnerability in
Hospital Management System - v1.0 allows an attacker to execute arbitrary
code via a crafted payload to the 'patient_id',
'first_name','middle_initial' ,'last_name'" in /receptionist.php component.
# POC:
1. Go to the User Login page: "
http://localhost/HospitalManagementSystem-gh-pages/
2. Login with "r1" ID which is redirected to "
http://localhost/HospitalManagementSystem-gh-pages/receptionist.php"
endpoint.
3. In Patient information functionality add this payload
"><script>alert('1')</script> ,in all parameter.
4. click on submit.
# Reference:
https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29412.md
Related
exploitdb
exploitdb
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
2024-04-02 00:00:00
packetstorm
packetstorm
Hospital Management System 1.0 Cross Site Scripting
2024-04-02 00:00:00