Police Crime Record Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

Exploit Database
40 阅读

作者： Ömer Hasan Durmuş

日期： 2021-08-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50195/

# Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 12/08/2021
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows

Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
Step 2 : Then click on the "Add Staff"
Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
Step 4 : Click on "Save and Continue"
Step 5 : Update page.

last Exploits
Police Crime Record Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)的更多信息

BloofoxCMS 0.5.0 – ‘fileurl’ Local File Inclusion：
EasyService Billing 1.0 – SQL Injection / Cross-Site Scripting：
cChatBox for vBulletin 3.6.8/3.7.x – SQL Injection：
YeaLink SIP-TXXXP 53.84.0.15 – ‘cmd’ Command Injection (Authenticated)：
Netgear WNR1000 – Authentication Bypass：
Kemana Directory 1.5.6 – ‘qvc_init()’ Cookie Poisoning CAPTCHA Bypass：
Joomla! Component Coupon 3.5 – SQL Injection：
WordPress Plugin BackWPup 1.4 – Multiple Information Disclosure Vulnerabilities：