I found a stored Cross-Site Scripting vulnerability via the email parameter in appsearch.php. When a user registers, they can register with the email address "<script>alert(1)</script>@gmail.com" (the UI restricts this, but an attacker can bypass the client-side check with a proxy such as Burp Suite). Once that user books an appointment, the email address is shown in the admin panel, and when the admin views the available appointments the script executes in the admin's browser.
Vulnerable Code:
// Every variable below is interpolated into the HTML output without escaping
echo "
$fname
$lname
$email
$contact
$doctor
$docFees
$appdate
$apptime
$appstatus
";
The $email value here comes from the session, where it is set when the user registers, so the attacker controls it fully and the payload is rendered for every admin who opens the page.
Recommendation:
Pass such user-supplied values through htmlspecialchars() whenever they are echoed into HTML, and also validate the input everywhere it enters the application, especially at registration (for example, reject anything that is not a syntactically valid email address).
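The following is an added example (not code from appsearch.php or the reporter) showing the vulnerable rendering next to the hardened one, plus the registration-time check. The $row array is a constructed sample appointment using the same field names as the snippet above; renderUnescaped(), renderEscaped(), e() and isValidEmail() are illustrative names chosen here.

```php
<?php
// Added example, not the application's own code. Field names mirror the
// variables echoed in appsearch.php; the function names are illustrative.

// Constructed sample: an appointment booked by an account whose registered
// email address carries the payload from the report.
$row = [
    'fname'     => 'Alice',
    'lname'     => 'Smith',
    'email'     => '<script>alert(1)</script>@gmail.com',
    'contact'   => '5551234',
    'doctor'    => 'Dr. Jones',
    'docFees'   => '100',
    'appdate'   => '2024-01-01',
    'apptime'   => '10:00',
    'appstatus' => 'Pending',
];

// Vulnerable shape: values are interpolated into the markup exactly as stored,
// so the <script> element in the email address becomes part of the page.
function renderUnescaped(array $row): string {
    $html = "<tr>\n";
    foreach ($row as $value) {
        $html .= "<td>$value</td>\n";
    }
    return $html . "</tr>\n";
}

// Hardened shape: every value passes through htmlspecialchars() on the way out.
// ENT_QUOTES also escapes single quotes (relevant inside attributes); passing
// the charset explicitly avoids encoding-dependent gaps.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderEscaped(array $row): string {
    $html = "<tr>\n";
    foreach ($row as $value) {
        $html .= "<td>" . e((string) $value) . "</td>\n";
    }
    return $html . "</tr>\n";
}

// Registration-time check: reject the value before it reaches the session or
// the database. This is defence in depth; output escaping is still required,
// because other fields (names, contact) are free text.
function isValidEmail(string $email): bool {
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

echo renderUnescaped($row);
echo renderEscaped($row);
var_dump(isValidEmail($row['email']));
var_dump(isValidEmail('alice@example.com'));
```

In the escaped output the angle brackets of the email address are turned into entities, so the browser shows the payload as text instead of executing it, and FILTER_VALIDATE_EMAIL rejects the payload address because characters such as `<`, `>`, `(` and `)` are not permitted in an unquoted local part.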
Best Regards,
Nijat Alizada