Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

2021-08-17
ID: 104644
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 12/08/2021
# Exploit Author: Ömer Hasan DurmuĊŸ
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows

Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
Step 2 : Then click on the "Add Staff"
Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
Step 4 : Click on "Save and Continue"
Step 5 : Update page.
1-4-2 (www01)