CVE-2024-51099
📋 TL;DR
This CVE describes a reflected cross-site scripting (XSS) vulnerability in PHPGURUKUL Medical Card Generation System v1.0. Attackers can inject malicious scripts via the searchdata parameter in mcgs/download-medical-cards.php, which executes in users' browsers when they visit a crafted URL. This affects any organization using this specific software version.
💻 Affected Systems
- PHPGURUKUL Medical Card Generation System
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform account takeover, redirect users to malicious sites, or execute actions on behalf of authenticated users, potentially leading to data theft or system compromise.
Likely Case
Attackers craft phishing emails with malicious links that execute scripts in victims' browsers, stealing session tokens or credentials when users click the links.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers, preventing exploitation.
🎯 Exploit Status
The vulnerability requires user interaction (clicking a malicious link) but is trivial to exploit with publicly available proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
1. Download the latest version, if available, from the vendor.
2. Replace the vulnerable file mcgs/download-medical-cards.php with the patched version.
3. Test the functionality to ensure it works correctly.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Implement proper input validation to reject malicious payloads and encode output so that reflected input cannot execute as script.
Edit mcgs/download-medical-cards.php so that the parameter is entity-encoded before it is written into the page (ENT_QUOTES also covers values placed inside quoted attributes): $searchdata = htmlspecialchars($_GET['searchdata'] ?? '', ENT_QUOTES, 'UTF-8');
Web Application Firewall (WAF) Rules
Deploy WAF rules to block requests containing XSS payloads in the searchdata parameter.
Add WAF rule: block requests where the searchdata parameter (after URL decoding) contains <script>, javascript:, or other XSS indicators
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution sources
- Disable or restrict access to the vulnerable component if not essential
🔍 How to Verify
Check if Vulnerable:
Access the vulnerable page with a test payload: /mcgs/download-medical-cards.php?searchdata=<script>alert('XSS')</script> and check if the script executes.
Check Version:
Check the software version in the application interface or configuration files; no specific command available.
Verify Fix Applied:
After applying fixes, test with the same payload to ensure no script execution occurs and that input is properly sanitized.
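One way to automate the "check if vulnerable" and "verify fix applied" steps above, as an added example that is not part of the advisory or of PHPGurukul's code: the function classifies a captured response body by whether the advisory's test payload comes back verbatim (vulnerable) or entity-encoded (fixed). The sample response bodies are constructed, the `php_htmlspecialchars` helper is a mimic of PHP's output written here, and `fetch_body` assumes a test instance you administer is reachable at the base URL you pass.

```python
"""Classify how the searchdata test payload is reflected in a response.

Added example, not code from the advisory or from PHPGurukul. Sample
response bodies are constructed; fetch_body() is an optional live
fetch against a test instance you administer.
"""
import html
import urllib.parse
import urllib.request

ENDPOINT = "/mcgs/download-medical-cards.php"
PAYLOAD = "<script>alert('XSS')</script>"  # the advisory's own test payload


def php_htmlspecialchars(value: str) -> str:
    """Mimic PHP htmlspecialchars($v, ENT_QUOTES, 'UTF-8') (HTML 4.01 entities)."""
    return (value.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&#039;"))


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Return 'raw' (payload echoed verbatim: still vulnerable),
    'encoded' (entity-escaped, as the workaround produces) or 'absent'."""
    if payload in body:
        return "raw"
    # Accept either PHP's &#039; or the &#x27; that other encoders emit.
    if php_htmlspecialchars(payload) in body or html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def build_test_url(base_url: str, payload: str = PAYLOAD) -> str:
    """Build the verification URL with the payload percent-encoded."""
    query = urllib.parse.urlencode({"searchdata": payload})
    return base_url.rstrip("/") + ENDPOINT + "?" + query


def fetch_body(base_url: str, timeout: float = 5.0) -> str:
    """Fetch the page from a test instance (assumed reachable) and return its body."""
    with urllib.request.urlopen(build_test_url(base_url), timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample bodies: before and after applying the htmlspecialchars fix.
VULNERABLE_BODY = (
    "<html><body><h3>Results for: <script>alert('XSS')</script></h3>"
    "<p>No records found.</p></body></html>"
)
FIXED_BODY = (
    "<html><body><h3>Results for: &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;</h3>"
    "<p>No records found.</p></body></html>"
)

if __name__ == "__main__":
    for name, body in (("before fix", VULNERABLE_BODY), ("after fix", FIXED_BODY)):
        print(f"{name}: {classify_reflection(body)}")
```

Run the offline classification first to see the two outcomes; point `fetch_body` at a test deployment only once you want to confirm the result against the live page.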
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to mcgs/download-medical-cards.php with searchdata parameter containing script tags or JavaScript code
- Unusual user agent strings or referrers in access logs
Network Indicators:
- Outbound connections to suspicious domains following access to the vulnerable endpoint
- Increased traffic to the medical card search functionality
SIEM Query:
source="web_logs" AND uri="/mcgs/download-medical-cards.php" AND query="*searchdata=*<script>*"
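The SIEM query above matches the literal string `<script>`, but a browser sends that payload percent-encoded (`%3Cscript%3E`), so it will not appear literally in most access logs. The following added example, not part of the advisory, implements the log indicator with that caveat handled: it parses combined-format access log lines, URL-decodes the searchdata parameter (twice, to catch double encoding) and matches indicators case-insensitively. The log lines are constructed samples; the indicator list beyond `<script` and `javascript:` is an assumption.

```python
"""Flag XSS probes against the advisory's endpoint in access logs.

Added example, not code from the advisory or the project. Log lines
below are constructed samples in Apache/nginx "combined" format.
"""
import re
import urllib.parse

ENDPOINT = "/mcgs/download-medical-cards.php"
# <script and javascript: are named in the advisory; the rest are assumed extras.
XSS_INDICATORS = ("<script", "javascript:", "onerror=", "onload=", "<svg", "<iframe")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def searchdata_value(path: str):
    """Return the (once-decoded) searchdata value if the request hit the endpoint."""
    url = urllib.parse.urlsplit(path)
    if url.path != ENDPOINT:
        return None
    params = urllib.parse.parse_qs(url.query, keep_blank_values=True)  # percent-decodes
    values = params.get("searchdata")
    return values[0] if values else None


def is_xss_probe(value: str) -> bool:
    """Second decode pass catches %253C-style double encoding; lower() catches <ScRiPt>."""
    decoded = urllib.parse.unquote(value).lower()
    return any(indicator in decoded for indicator in XSS_INDICATORS)


def scan(lines):
    """Return (ip, timestamp, decoded value) for every line carrying an XSS indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        value = searchdata_value(rec["path"])
        if value is not None and is_xss_probe(value):
            hits.append((rec["ip"], rec["ts"], urllib.parse.unquote(value)))
    return hits


# Constructed sample log: one benign search, one encoded probe, one double-encoded
# mixed-case probe, and one probe against a different path that is out of scope here.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2024:10:01:02 +0000] "GET /mcgs/download-medical-cards.php'
    '?searchdata=MC1001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2024:10:02:15 +0000] "GET /mcgs/download-medical-cards.php'
    '?searchdata=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2024:10:02:40 +0000] "GET /mcgs/download-medical-cards.php'
    '?searchdata=%253CScRiPt%253Ealert%25281%2529%253C%252FScRiPt%253E HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Nov/2024:10:03:01 +0000] "GET /mcgs/index.php'
    '?searchdata=%3Cscript%3E HTTP/1.1" 404 199 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, ts, value in scan(SAMPLE_LOG):
        print(f"{ts} {ip} searchdata={value!r}")
```

Feed it real log lines with `scan(open(path))`; the same decode-then-match approach is what the SIEM query needs (most platforms offer a URL-decode function to apply to the query field before the wildcard match).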
🔗 References
- https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Reflected%20Cross-Site%20Scripting%20%28XSS%29-medical%20card%20details%20search.pdf