https://pwnwiki.com/index.php?action=history&feed=atom&title=Client_Management_System_1.1_XSS%E6%BC%8F%E6%B4%9E
Client Management System 1.1 XSS漏洞 - Revision history
2026-04-15T04:29:49Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Client_Management_System_1.1_XSS%E6%BC%8F%E6%B4%9E&diff=5107&oldid=prev
Pwnwiki: Created page with "==XSS== <pre> # Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS) # Date: 14 June 2021 # Exploit Author: BHAVESH KAUL # Vendor Homepag..."
2021-06-16T01:34:15Z
<p>Created page with "==XSS== <pre> # Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS) # Date: 14 June 2021 # Exploit Author: BHAVESH KAUL # Vendor Homepag..."</p>
<p><b>New page</b></p><div>==XSS==<br />
<pre><br />
# Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)<br />
# Date: 14 June 2021<br />
# Exploit Author: BHAVESH KAUL<br />
# Vendor Homepage: https://phpgurukul.com<br />
# Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/<br />
# Version: 1.1<br />
# Tested on: Server: XAMPP<br />
<br />
# Description #<br />
<br />
Client Management System 1.1 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitization. <br />
<br />
# Proof of Concept (PoC) : Exploit #<br />
<br />
1) Goto: http://localhost/clientms/admin/index.php<br />
2) Login as admin using test credentials: admin/Test@123<br />
3) Goto: http://localhost/clientms/admin/admin-profile.php<br />
4) Enter the following payload in the user name field: <script>alert(1)</script><br />
5) Click on Update<br />
6) Our payload is fired and stored<br />
</pre></div>
Pwnwiki