
PHP-Proxy ver<=5.1.0 has a Cross-Site Scripting (XSS) Vulnerability Description


Testing Target

Abstract

PHP-Proxy before 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.

Concept

  1. First, we download the latest version from the official website and build it.
  2. /php-proxy/index.php has only one input field, which takes a URL and redirects to it. Enter the attack string in the field and submit. Payload: <input type="text" autofocus onfocus=alert("XSS")>
  3. A reflected XSS alert window is shown.
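
The fix for this class of bug is to validate the submitted URL and HTML-encode it wherever it is reflected. The following is an added example, not PHP-Proxy's own code and not part of the original report; the function names and the error-message markup are hypothetical, and it assumes the value is echoed back into the page body.

```php
<?php
// Added example, not PHP-Proxy source. All function names are hypothetical.

// Unsafe pattern: the submitted value is concatenated into HTML unchanged,
// so any markup typed into the URL field is parsed by the browser.
function render_unsafe(string $url): string
{
    return '<p>Could not load: ' . $url . '</p>';
}

// Accept only absolute http(s) URLs; everything else is rejected before use.
function is_allowed_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Hardened pattern: HTML-encode whatever is reflected, valid or not,
// and report invalid input instead of proxying it.
function render_safe(string $url): string
{
    $shown = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (!is_allowed_url($url)) {
        return '<p>Invalid URL: ' . $shown . '</p>';
    }
    return '<p>Could not load: ' . $shown . '</p>';
}

// The string from step 2 of this report, used as test input.
$input = '<input type="text" autofocus onfocus=alert("XSS")>';

echo render_unsafe($input), PHP_EOL; // angle brackets and quotes pass through
echo render_safe($input), PHP_EOL;   // angle brackets and quotes are entity-encoded
```

Encoding is applied on output regardless of the validation result, so a value that passes the URL check but still contains quotes or angle brackets cannot break out of the surrounding markup.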

Instance

The following are actual cases.

  • ver 5.1.0
  • ver 5.0.1
  • ver 3.0.3