23 lines
No EOL
952 B
Text
23 lines
No EOL
952 B
Text
# Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting
|
|
# Date: 2018-09-05
|
|
# Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621
|
|
# Exploit Author: Gokhan Sagoglu
|
|
# Vendor Homepage:: http://creativeitem.com/
|
|
# Version: v4.0
|
|
# Live Demo: http://creativeitem.com/demo/bayanno/index.php?home
|
|
# Category: webapps
|
|
|
|
# 1. Description
|
|
# Due to improper user input management and lack of output encoding, unauthenticated users are able
|
|
# to inject malicious code via making an appointment. Malicious code runs on admin panel.
|
|
|
|
# 2. PoC
|
|
|
|
- To make an appointment go to: /bayanno/index.php?home/appointment
|
|
- Select “New Patient”.
|
|
- Type <script>alert(1)</script> as name.
|
|
- Fill the other fields with proper values.
|
|
- Click on “Book Now” button.
|
|
- Go to admin panel and login as admin: /bayanno/index.php?login
|
|
- To view patients go to: /bayanno/index.php?admin/patient
|
|
- Malicious script will run. |