# Exploit Title: Loan Management System - Stored XSS on several parameters # Date: 28/07/2022 # Exploit Author: saitamang # Vendor Homepage: sourcecodester # Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip # Version: 1.0 # Tested on: Centos 7 apache2 + MySQL There are several functions and parameter affected as below: addUser.php - firstname - lastname save_ltype.php - ltype_name - ltype_desc save_borrower.php - firstname - middlename - lastname - address The payload use to inject is "/><svg/onload=alert(document.cookie)>