Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

EDB-ID:

50195

CVE:

N/A




Platform:

PHP

Date:

2021-08-13


# Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 12/08/2021
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows

Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
Step 2 : Then click on the "Add Staff"
Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
Step 4 : Click on "Save and Continue"
Step 5 : Update page.