Persistent cross-site scripting (XSS) targeted towards web admin through /admin-panel1.php via the parameter demail. #20

Open
@fuzzyap1

Persistent cross-site scripting (XSS) in Hospital Management System v4.0 targeted towards web admin through /admin-panel1.php via the parameter demail.

Add the doctor info payload to Doctor Name on the Add Doctor page to target /admin-panel1.php, then use Burp Suite to get the request data and change the 'demail' parameter to the XSS payload: <sCrIpT>alert(5555)</ScRiPt>
Proof of concept (PoC)

<sCrIpT>alert(5555)</ScRiPt>
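
A server-side mitigation for the issue reported above, as an added example that is not part of the original report or the project's own code: it validates `demail` before storage and HTML-encodes the stored value when the admin page renders it. The function names `validate_demail` and `h`, the sample addresses, and PHP 8 are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; these names are not from Hospital Management System.

/** Return the e-mail address if the value is one, otherwise null. */
function validate_demail(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;                       // arrays such as demail[]=x are rejected
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > 254) {
        return null;                       // empty or longer than a usable address
    }
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a normal address, the payload from this report,
// and a valid address containing a character that still needs encoding.
$samples = [
    'dr.lee@example.org',
    '<sCrIpT>alert(5555)</ScRiPt>',
    "o'neil@example.org",
];

foreach ($samples as $raw) {
    $email = validate_demail($raw);
    if ($email === null) {
        // Reject at input; the echoed copy is encoded, never reflected raw.
        echo 'rejected: ', h($raw), PHP_EOL;
        continue;
    }
    // Store $email with a prepared statement, then encode on every output.
    echo '<td>', h($email), '</td>', PHP_EOL;
}
```

Validation and output encoding are both needed: a syntactically valid address can still contain characters such as `'`, so the stored value is encoded at render time regardless of what the input check accepted.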
