Bayanno hospital management system 4.0 crosssite scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-09-11 | Type : webapps | Platform : php
This exploit / vulnerability Bayanno hospital management system 4.0 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting
# Date: 2018-09-05
# Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621
# Exploit Author: Gokhan Sagoglu
# Vendor Homepage:: http://creativeitem.com/
# Version: v4.0
# Live Demo: http://creativeitem.com/demo/bayanno/index.php?home
# Category: webapps

# 1. Description
# Due to improper user input management and lack of output encoding, unauthenticated users are able
# to inject malicious code via making an appointment. Malicious code runs on admin panel.

# 2. PoC

- To make an appointment go to: /bayanno/index.php?home/appointment
- Select “New Patient”.
- Type <script>alert(1)</script> as name.
- Fill the other fields with proper values.
- Click on “Book Now” button.
- Go to admin panel and login as admin: /bayanno/index.php?login
- To view patients go to: /bayanno/index.php?admin/patient
- Malicious script will run.

Bayanno hospital management system 4.0 crosssite scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Bayanno hospital management system 4.0 crosssite scripting Vulnerability / Exploit