phpGACL assign_group group_id parameter Reflected Cross-Site Scripting

Strike ID:
E21-9unv1
CVSS:
6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
False Positive:
f
Variants:
4
Year:
2020

Description

This strike exploits a reflected cross-site scripting vulnerability in phpGACL. The vulnerability is due to insufficient validation of the group_id parameter in group.php. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could result in code execution, depending on the JavaScript payload embedded in the malicious link.

NOTE: This strike simulates interaction with OpenEMR, which uses the vulnerable version of phpGACL and is therefore itself vulnerable. When running this strike in OneArm mode, the credentials used will be admin/pass, and requests will be sent to /someuri instead of /openemr/someuri (the default), since the OpenEMR Docker image used is configured that way.

CVE

References