Maldives Police Service Wanted Person Notice Generator

Google has a "20% time" policy that encourages their employees to spend working on creating something of their own choosing. Me, I spend a little time each day on doing something entirely, horribly and grotesquely useless. Anyway, here is something I whipped up today within a few minutes that I just had to waste while cramming for an exam in the afternoon...

The Maldives Police Service (MPS) website has a web page displaying the people on their "Wanted" list. The MPS was considerate enough to provide a (totally pointless?) facility to let people print out any of the "Wanted" person notices - a page that prominently displays the person's photo and bears the title "Hoadhaa meeheh". My interest in the page, however, is that there is a programming glitch on the page (XSS vulnerability to be precise) that paves the way for some naughty fun. This bug would have been pretty mundane and practically useless were it not on a page as amusing as a "Wanted" persons page on a country's police service website. A demo will better elucidate what I'm talking about: Wanted Notice for MAG at MPS website! (here's a screenshot).

I've created a tiny "Maldives Police Service Wanted Person Notice Generator" that you can use to generate your own "Wanted Person" listing. Copy in the URL of a photo (one of your mates?), type in their name/address/age and hit the "Generate" button. It will show a link that when viewed, crafts the page as you desire right on the MPS website. This (trick) should continue to work as long as they leave the bug unfixed.

Hmm, I hope my bum doesn't get whooped for this...

Update (19 May): They've fixed the bug and left a lovely note for me :-P

Disclaimer: These generated links don't bring any permanent change to the MPS website and are viewable as such only by using these specially crafted URLs. Use at your own risk...


  1. No Trackbacks


Display comments as (Linear | Threaded)

  1. No comments

Add Comment

HTML-Tags will be converted to Entities.
Standard emoticons like :-) and ;-) are converted to images.
To leave a comment you must approve it via e-mail, which will be sent to your address after submission.