Crime Reporting System 1.0 Cross Site Scripting

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

SHA-256 | 134f7cc89e016dd40ec6f94be6c14e9a72f24e41d92ceac88aa2cd6916a78c10

# Exploit Title: Crime reporting system - Stored cross-site scripting (XSS)
# Date: 29/07/2022
# Exploit Author: Eslam Reda
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Linux/Windows

1. Log in to the application (the default credentials are username: jude, password: 12345) and go to the add users page "/admin/a_users.php".
2. Fill in the form with valid information.
3. Intercept the traffic with a proxy and add the payload (<script>alert(9)</script>) in the surname field.
4. The payload will be stored and executed when visiting "/admin/v_users.php".
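
Mitigation sketch for the stored value described in the steps above. This is an added example, not the application's own code: the row layout, column names, function names and the allowed surname character set are all assumptions. It contrasts rendering the stored surname unencoded with encoding it at output time, and adds a server-side input check.

```php
<?php
// Added example: NOT code from Crime Reporting System. All names are hypothetical.

// Constructed sample row: what a users-table record could look like after
// the request in step 3 stored the payload in the surname column.
$row = [
    'first_name' => 'Test',
    'surname'    => '<script>alert(9)</script>',
];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so the browser parses the surname as markup when the list page is viewed.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['first_name'] . '</td><td>' . $row['surname'] . "</td></tr>\n";
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also encodes ' and " (needed if the value ever lands in an
// attribute); ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $row): string
{
    return '<tr><td>' . h($row['first_name']) . '</td><td>' . h($row['surname']) . "</td></tr>\n";
}

// Server-side input check for the add-user handler. The request in step 3 is
// edited in a proxy, so checks in the browser form never see it; validation
// has to run on the server. The allowed character set here is an assumption.
function valid_surname(string $value): bool
{
    return preg_match('/^\p{L}[\p{L} \'\-]{0,63}\z/u', $value) === 1;
}

echo render_row_unsafe($row);   // surname emitted as live markup
echo render_row_safe($row);     // surname emitted as inert text
var_dump(valid_surname($row['surname']));
var_dump(valid_surname("O'Neil-Smith"));
```

Output encoding is the primary control here, because it also neutralises values already stored in the database; the input check only limits what new records can contain.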
