Zoo Management System 1.0 Cross Site Scripting

`# Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)  
# Date: 08/07/2021  
# Exploit Author: Subhadip Nag  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/  
# Version: 1.0  
# Tested on: Server: XAMPP  
  
# Description #  
  
Zoo Management System 1.0 is vulnerable to 'Multiple' stored cross site scripting because of insufficient user supplied data.  
  
# Proof of Concept (PoC) : Exploit #  
  
1) Goto: http://localhost/ZMSP/zms/admin/index.php and Login(given User & password)  
2) Goto: http://localhost/ZMSP/zms/admin/add-animals.php  
3) Fill out Animal name, Breed and Description with given payload: <script>alert(1)</script>  
4) Goto: http://localhost/ZMSP/zms/admin/manage-animals.php  
5) Stored XSS payload is fired  
  
6) Goto: http://localhost/ZMSP/zms/admin/manage-ticket.php  
7) Edit any Action field with the following payload: <script>alert(1)</script> and Update  
8) Go back and again click 'Manage Type Ticket'  
9) Stored XSS payload is fired  
  
10) Goto: http://localhost/ZMSP/zms/admin/aboutus.php   
11) In the Page 'Title' & 'Description',Enter the Payload: <script>alert(1)</script> and Click Update  
  
12) Goto: http://localhost/ZMSP/zms/admin/contactus.php  
13) Put the Same Payload in the Page 'Title' & 'Description' and Click Update   
14) Logout and click 'Back Home'  
15) Our XSS payload successful  
  
  
# Image PoC : Reference Image #  
  
1) https://ibb.co/g4hFQDV  
2) https://ibb.co/frbpf9c  
3) https://ibb.co/NtKrc9C  
4) https://ibb.co/cFGWhCz  
4) https://ibb.co/CMXmN4f  
5) https://ibb.co/C0dV0PC  
6) https://ibb.co/4ZW8tb3  
7) https://ibb.co/3zgFq9b  
8) https://ibb.co/wS8wXj8  
`