CVE-2024-55100
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in Online Nurse Hiring System v1.0 allows attackers to inject malicious scripts into the fullname parameter in the admin profile page. This enables session hijacking, credential theft, or administrative actions when administrators view the compromised profile. All deployments of this specific software version are affected.
💻 Affected Systems
- Online Nurse Hiring System
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control, steal sensitive nurse/patient data, deface the system, or install backdoors for persistent access.
Likely Case
Session hijacking of administrators leading to unauthorized access, data exfiltration, or privilege escalation within the system.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting the specific admin user viewing the malicious profile.
🎯 Exploit Status
Exploitation requires ability to modify admin profiles, but the XSS payload execution is simple and well-documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Locate /admin/profile.php
2. Implement proper input validation for the fullname parameter
3. Add output encoding using htmlspecialchars() or similar
4. Test with malicious payloads to ensure sanitization
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to reject HTML/script tags in the fullname field
// In profile.php, add: $fullname = filter_var($_POST['fullname'], FILTER_SANITIZE_STRING); // note: FILTER_SANITIZE_STRING is deprecated since PHP 8.1; strip_tags() or an allowlist check gives the same effect on newer versions
Output Encoding
Encode all user-controlled output before rendering in HTML
// When outputting fullname: echo htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8');
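The fix steps and the two workarounds above combined into one handler, as an added example that is not the vendor's code: the vulnerable pattern is assumed (the page does not show the original source), and the table, column and session key names are placeholders.

```php
<?php
// Added example (not from Online Nurse Hiring System): hardened handling of the
// `fullname` parameter for an admin profile page such as /admin/profile.php.
// Assumptions: the page reads $_POST['fullname'] on update and later echoes it
// into HTML; $pdo, $_SESSION['admin_id'], the table and column are placeholders.
declare(strict_types=1);

/**
 * Input validation: return the trimmed name, or null if it is rejected.
 * Allowlist of Unicode letters, marks, spaces, hyphens, apostrophes and periods,
 * at most 80 characters. Anything with "<", ">", "&" or quotes is refused here;
 * output encoding below still applies, so this is defence in depth, not a substitute.
 */
function validate_fullname(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 80) {
        return null;
    }
    // \p{L} = any letter, \p{M} = combining mark; the 'u' flag makes the regex UTF-8 aware.
    if (!preg_match("/^[\p{L}\p{M} .'\-]+$/u", $name)) {
        return null;
    }
    return $name;
}

/** Output encoding for HTML element content and double-quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Build the profile form markup; every dynamic value passes through h(). */
function render_fullname(string $name): string
{
    // Unsafe pattern this replaces (assumed): echo '<h2>' . $name . '</h2>';
    return '<h2>' . h($name) . '</h2>'
         . '<input type="text" name="fullname" value="' . h($name) . '">';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $fullname = validate_fullname((string) ($_POST['fullname'] ?? ''));
    if ($fullname === null) {
        http_response_code(400);
        exit('Invalid full name');
    }
    // Parameterised update; placeholder table/column names.
    $stmt = $pdo->prepare('UPDATE admin_placeholder SET fullname = :name WHERE id = :id');
    $stmt->execute([':name' => $fullname, ':id' => $_SESSION['admin_id']]);
    echo render_fullname($fullname);
}
```

With this in place, a submitted `<script>` payload is rejected with HTTP 400, and any previously stored value renders as literal text (`&lt;script&gt;`) rather than executing, which is what step 4 and the "Verify Fix Applied" check look for.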
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in POST requests to /admin/profile.php
- Restrict admin profile modification permissions to only trusted administrators and monitor for suspicious changes
🔍 How to Verify
Check if Vulnerable:
Attempt to submit <script>alert('XSS')</script> as fullname in admin profile and check if script executes when viewing profile
Check Version:
Check system documentation or about page; typically no built-in version command
Verify Fix Applied:
Test with same payload and verify script does not execute; check page source to confirm proper encoding
📡 Detection & Monitoring
Log Indicators:
- POST requests to /admin/profile.php with script tags or JavaScript in parameters
- Unusual admin profile modifications
Network Indicators:
- HTTP traffic containing <script> tags in POST data to admin endpoints
SIEM Query:
source="web_logs" AND uri_path="/admin/profile.php" AND (request_body LIKE "%<script>%" OR request_body LIKE "%javascript:%")
🔗 References
- https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55100-Online-Nurse-Hiring-System-v1.0-Stored-Cross-Site-Scripting-Vulnerability.md
- https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/