# CVE-2021-30030 CVE-2021-30034 CVE-2021-30039 CVE-2021-30042 RemoteClinic 2.0 存儲型XSS漏洞
==XSS==
# Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 13/04/2021 # Exploit Author: Saud Ahmad # Vendor Homepage: https://remoteclinic.io/ # Software Link: https://github.com/remoteclinic/RemoteClinic # Version: 2.0 # Tested on: Windows 10 # CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient with Full Name Field as XSS Payload: XSS">3)After Register Patient, go to "Patients" endpoint. 4)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/1 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient. 3)After Register Patient, a page redirect to Register Report Page. 4)Here is "Symptoms" Field as XSS Payload: XSS">
4)After Register Report, Click on home which is "dashboard" endpoint. 5)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/5 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient. 3)After Register Patient, a page redirect to Register Report Page. 4)When you scroll down page two fields there "Fever" and "Blood Pressure", both are vulnerable to XSS, inject XSS Payload in both Fields: XSS">
4)After Register Report, Click on home. 5)Now Click on Report, XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/8 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a New Clinic. 3)Here is four fields "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact". All are vulnerable to XSS. 4)Inject XSS Payload in all Fields: XSS">
4)Now go to Clinic Directory. 5)Click on that Clinic. 6)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/11
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容