Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Simple Bakery Shop Management System in PHP MySQL
# Description:
The Bakery Shop Management System is a simple web-based application platform for bakery shops that
can help them to manage their stocks and day-to-day transaction with their customers.
# Vulnerability Name: Cross site scripting (XSS) in Simple Bakery Shop Management System
# Vulnerable URL: http://localhost/bsms/?page=manage_account
# Parameters Vulnerable: Full Name, Username
# Payload Used: "><script>alert("XSS")</script>
# Steps to reproduce:
1. Login with admin credential.
2. Navigate to 'Manage Account'.
3. Insert XSS payloads in input fields 'Full Name' and 'Username'.
4. Click on Update.
5. XSS payloads trigger automatically while user visits this page again.
# References
Vendor URL:
Software URL:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment