漏洞平台

POC详情： fe4505df98f611735d0b0e4a0d1a0d1a329cdd9e

来源

https://github.com/mhsinj/CVE-2025-45805

关联漏洞

标题： PHPGurukul Doctor Appointment Management System 安全漏洞 (CVE-2025-45805)
描述：PHPGurukul Doctor Appointment Management System是PHPGurukul公司的一个医生预约管理系统。 PHPGurukul Doctor Appointment Management System 1.0版本存在安全漏洞，该漏洞源于清理不足，可能导致存储型跨站脚本攻击。

描述

Poc Of CVE-2025-45805

介绍

# CVE-2025-45805
Poc Of CVE-2025-45805
Affected Product: Doctor Appointment Management System
Vendor: phpgurukul
Version: 1.0
Vulnerability Type: Stored Cross-Site Scripting (XSS)

Description:
An authenticated doctor user can inject arbitrary JavaScript code into the doctor profile field (name/employee ID). The malicious payload is then rendered without sanitization when a patient selects the doctor to book an appointment, leading to arbitrary script execution in the victim’s browser. This can result in account takeover, session hijacking, or cookie theft.

Impact: High severity (Account Takeover, Session Hijacking)
Attack Vector: Remote (Stored XSS), victim must visit the booking page
Discovered by: Mohammed Hayaf Al-Saqqaf (BULLETMHS) & Ayman Al-Hakimi


[![Play](Screenshot_2025-09-02-23-41-56-09_f2cb81fb7cf38af7978f186f2a61634a.jpg)](ATO%20XSS.mp4)

文件快照


 [4.0K]  /data/pocs/fe4505df98f611735d0b0e4a0d1a0d1a329cdd9e
├── [ 14M]  ATO XSS.mp4
├── [ 868]  README.md
├── [172K]  Screenshot_2025-09-02-23-40-35-82_f2cb81fb7cf38af7978f186f2a61634a.jpg
├── [227K]  Screenshot_2025-09-02-23-41-12-32_f2cb81fb7cf38af7978f186f2a61634a.jpg
├── [193K]  Screenshot_2025-09-02-23-41-39-15_f2cb81fb7cf38af7978f186f2a61634a.jpg
└── [357K]  Screenshot_2025-09-02-23-41-56-09_f2cb81fb7cf38af7978f186f2a61634a.jpg

0 directories, 6 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。