Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.
134f7cc89e016dd40ec6f94be6c14e9a72f24e41d92ceac88aa2cd6916a78c10# Exploit Title: Crime reporting system - Stored cross-site scripting (XSS)
# Date: 29/07/2022
# Exploit Author: Eslam Reda
# Vendor Homepage: https://sourcecodehero.com/crime-reporting-system-project-in-php-with-source-code/
# Software Link: https://sourcecodehero.com//wp-content/uploads/2022/03/Crime-Reporting-System-Project-in-PHP-with-source-code.zip
# Version: v1.0
# Tested on: Linux/Windows
1. Login to the application "the default credentials are username:jude - password:12345", go to add users "/admin/a_users.php".
2. Fill in the form with valid information.
3. Intercept the traffic with a proxy and add the payload (<script>alert(9)</script>)) in the surname field.
4. Payload will be stored and executed when visiting "/admin/v_users.php"