Code Projects Hospital Information System 1.0 is vulnerable to Stored Cross-Site Scripting (XSS)
Exploit Title: Hospital Information System V1.0 - Stored XSS
Exploit Author: Ritesh Sahu
Vendor Homepage: https://code-projects.org/
Software Link: https://code-projects.org/hospital-information-system-in-php-with-source-code/
Tested on: Linux
- Visit: http://localhost/HIS/src/index/index.php
- Log in with the admin user and password.
- Go to add user: http://localhost/HIS/src/users/addUser.php
- Add a new user using XSS payloads.
- After adding the new user, log out of the admin account and log back in as the admin user.
- Go to add user: http://localhost/HIS/src/users/addUser.php
- The stored XSS payload now executes.
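
The fix for this class of bug is to encode stored user fields when they are written into HTML. The sketch below is an added example, not code from Hospital Information System: it shows the unsafe rendering pattern beside a hardened one, plus an allowlist check at write time. The field names (username, fullname) and all function names are assumptions, and the record is constructed.

```php
<?php
// Added example: NOT the application's own code. Field and function
// names are hypothetical; the application's real schema is not shown on the page.

// Encode a stored value for an HTML text or quoted-attribute context.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: stored values are concatenated into markup as-is,
// so anything saved through the add-user form is parsed as HTML.
function render_user_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['username'] . '</td><td>' . $user['fullname'] . '</td></tr>';
}

// Hardened pattern: every stored value is encoded at output time.
function render_user_row(array $user): string
{
    return '<tr><td>' . h($user['username']) . '</td><td>' . h($user['fullname']) . '</td></tr>';
}

// Defence in depth at write time: allowlist for the username field.
// Output encoding is still required; this only narrows what gets stored.
function is_valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $username) === 1;
}

// Constructed record standing in for a row saved through the add-user form.
$stored = [
    'username' => '<script>alert(1)</script>',
    'fullname' => 'Test "User" <b>x</b>',
];

echo render_user_row_unsafe($stored), PHP_EOL; // markup reaches the browser intact
echo render_user_row($stored), PHP_EOL;        // markup arrives as inert text

// The constructed username fails the allowlist; a plain one passes.
var_dump(is_valid_username($stored['username']));
var_dump(is_valid_username('nurse_01'));
```

Encoding at output also neutralises rows that were stored before the fix, which input validation alone cannot do.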