Exploit for Online Doctor Appointment System 1.0 Cross Site Scripting

Name: Exploit for Online Doctor Appointment System 1.0 Cross Site Scripting
Rating: 5 (124 reviews)

2021-01-08 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:160860
# Exploit Title: Online Doctor Appointment System 1.0 - Multiple Stored XSS  
# Tested on: Windows 10  
# Exploit Author: Mohamed habib Smidi (Craniums)  
# Date: 2021-01-08  
# Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14663&title=Online+Doctor+Appointment+System+in+PHP+with+Full+Source+Code  
# Affected Version: Version 1  
  
Step 1: Login to the doctor account in http://TARGET/doctorappointmentsystem/adminlogin.php  
Step 2: then Click on the username and go to profile  
Step 3: Click on Update profile.  
Step 4: Input "<script>alert("craniums")</script>" in the field First Name,Last Name and Address.  
Step 5: This Will trigger the payload each time you update or visit a new page.