Authored by Eslam Reda

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Crime reporting system - Stored cross-site scripting (XSS)
# Date: 29/07/2022
# Exploit Author: Eslam Reda
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Linux/Windows

1. Login to the application "the default credentials are username:jude - password:12345", go to add users "/admin/a_users.php".
2. Fill in the form with valid information.
3. Intercept the traffic with a proxy and add the payload (<script>alert(9)</script>)) in the surname field.
4. Payload will be stored and executed when visiting "/admin/v_users.php"