Crime Reporting System 1.0 Cross Site Scripting

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #windows #linux #php #auth
# Exploit Title: Crime reporting system - Stored cross-site scripting (XSS)
# Date: 29/07/2022
# Exploit Author: Eslam Reda
# Vendor Homepage: https://sourcecodehero.com/crime-reporting-system-project-in-php-with-source-code/
# Software Link: https://sourcecodehero.com//wp-content/uploads/2022/03/Crime-Reporting-System-Project-in-PHP-with-source-code.zip
# Version: v1.0
# Tested on: Linux/Windows

1. Login to the application "the default credentials are username:jude - password:12345", go to add users "/admin/a_users.php".
2. Fill in the form with valid information.
3. Intercept the traffic with a proxy and add the payload (<script>alert(9)</script>) in the surname field.
4. Payload will be stored and executed when visiting "/admin/v_users.php"
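
How the surname value should be handled on the way in and on the way out, as an added example that is not taken from the advisory or from the application's source code. The function names, the surname rule and the sample rows are assumptions made for illustration; the application's real handlers for "/admin/a_users.php" and "/admin/v_users.php" are not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's own code is not reproduced here.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Server-side surname check; browser-side checks do not apply to proxied requests. */
function valid_surname(string $surname): bool
{
    // Assumed rule: letters, combining marks, space, dot, apostrophe, hyphen; 1 to 64 chars.
    return preg_match("/^[\p{L}\p{M} .'-]{1,64}$/u", $surname) === 1;
}

/** Unsafe pattern: the stored value is concatenated into the page unencoded. */
function render_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['surname'] . '</td></tr>';
}

/** Hardened pattern: the stored value is encoded at output time. */
function render_row(array $user): string
{
    return '<tr><td>' . h($user['surname']) . '</td></tr>';
}

// Constructed sample rows standing in for records read from the users table.
$rows = [
    ['surname' => "O'Neil"],
    ['surname' => '<script>alert(9)</script>'],
];

foreach ($rows as $row) {
    printf("accepted on input: %s\n", valid_surname($row['surname']) ? 'yes' : 'no');
    printf("unsafe output:     %s\n", render_row_unsafe($row));
    printf("encoded output:    %s\n\n", render_row($row));
}
```

Encoding at output is the control that closes the hole for rows already stored; the input check only limits what new records can contain.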
