CVE-2018-17082 PoC — PHP 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-17082.yaml

Associated Vulnerability

Title:PHP 跨站脚本漏洞 (CVE-2018-17082)
Description:PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP中的Apache2组件存在跨站脚本漏洞。远程攻击者可借助‘Transfer-Encoding: chunked’请求的主体利用该漏洞注入任意的Web脚本或HTML。以下版本受到影响：PHP 5.6.38之前版本，7.0.32之前的7.0.x版本，7.1.22之前的7.1.x版本，7.2.

Description

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapi_apache2.c. Attackers can execute malicious scripts via crafted requests by sending a specially crafted chunked request.

File Snapshot


 id: CVE-2018-17082

info:
  name: Apache2 - Transfer-Encoding Chunked XSS
  author: DhiyaneshDK
  se

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!