M-Store- Multi-Store Inventory Management System — “Add Customer” Stored XSS

# Exploit Title: M-Store- Multi-Store Inventory Management System — “Add Customer” Stored XSS

# Exploit Author: Kislay Kumar

# Date: 2020-12-21

# Google Dork: N/A

# Vendor Homepage: https://www.bdtask.com/

# Software Link: https://codecanyon.net/item/mstore-multistore-inventory-management-system-with-full-accounts-and-installment-sale/22891251

# Affected Version: 1.0

# Patched Version: Unpatched

# Category: Web Application

# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select “Customer” from the menu and click on “Add”.

Step 3. Insert the payload "><img src onerror=alert(1)> in “Customer Name”, “Address” and “Business Address”.

Step 4. Now click on “Save” and you will get alert boxes.

Thank you
Regards
Kislay Kumar
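
The following is an added example, not part of the original post and not M-Store's code: it shows why the payload from Step 3 breaks out of an HTML attribute when a stored value is emitted unencoded, and how encoding on output keeps it as data. The template, the field keys and all function names are assumptions made for illustration.

```javascript
// Added illustration; the template and field names are assumptions,
// not M-Store's actual code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The three fields named in Step 3 (hypothetical keys).
const FIELDS = ['name', 'address', 'businessAddress'];

// Render one <input> per field; `encode` decides how stored values are emitted.
function render(customer, encode) {
  return FIELDS.map((f) => `<input name="${f}" value="${encode(customer[f])}">`).join('\n');
}

const renderUnsafe = (customer) => render(customer, String);   // before: raw stored value
const renderSafe = (customer) => render(customer, escapeHtml); // after: encoded on output

// Regression check: the template emits exactly one tag per field, so any
// extra tag in the output was created by stored data.
function injectedTagCount(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.length - FIELDS.length;
}

// Constructed sample record: the payload from Step 3 saved in every field.
const PAYLOAD = '"><img src onerror=alert(1)>';
const storedCustomer = { name: PAYLOAD, address: PAYLOAD, businessAddress: PAYLOAD };

console.log('unsafe injected tags:', injectedTagCount(renderUnsafe(storedCustomer)));
console.log('safe injected tags:  ', injectedTagCount(renderSafe(storedCustomer)));
console.log(renderSafe(storedCustomer).split('\n')[0]);
```

A check like `injectedTagCount` can run in a test suite against every view that displays customer data, so a template that forgets to encode is caught before release.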
