Canteen Management System v.1.0 POC
VENDOR: ADD-CUSTOMER-FORM
VULNERABLE PARAMETER : name
PAYLOAD-USED : SRK_TEST"><script>alert(document.domain)</script>
CREDENTIAL_TO_USE
Username : mayuri.infospace@gmail.com
Password : rootadminSTEPS_TO_REPRODUCE
1. LOGIN INTO THE APPLICATION BY GIVING THE ABOVE CREDENTIAL
2. THEN NAVIGATE TO `CUSTOMER TAB` ON THE `LEFT PANEL` AND SELECT `Add Customer` you will be redirected to this URL: [http://localhost/youthappam/add_customer.php](http://localhost/youthappam/add_customer.php)
3. Fill up the `Add Customer Form` by adding default/random value except the `name` parameter, In the `name` parameter put the below Payload
4. Payload: `SRK_TEST"><script>alert(document.domain)</script>`
5. You will see that name parameter is not validating and sanitizing our input/
payload this lead to popo-up our XSS payloadVIDEO-POC
GOOGLE-DRIVE-LINK : VIDEO
