PHP-Proxy ver<=5.1.0 Cross-Site Scripting (XSS) Vulnerability Description


Testing Target

Abstract

PHP-Proxy before 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.

Concept

  1. First, we download the latest version from the official website and build it.
  2. /php-proxy/index.php has only one input field, which takes a URL and redirects to it. Enter the attack string in the field and submit. Payload: <input type="text" autofocus onfocus=alert("XSS")>
  3. The reflected XSS alert window is shown.
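
The steps above, seen from the fix side, as an added example that is not PHP-Proxy's own code: it assumes the submitted URL value is written back into the HTML response, and sets that next to a handler that validates the URL and encodes it on output. The function names and the surrounding markup are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handler, not PHP-Proxy's own code. Run from the CLI.

// Constructed sample input: the payload quoted in step 2 of this page.
const SAMPLE_PAYLOAD = '<input type="text" autofocus onfocus=alert("XSS")>';

/** Weak form: the submitted value is written into the HTML unchanged. */
function render_unescaped(string $url): string
{
    return '<p>Cannot load: ' . $url . '</p>';
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http/https URLs that carry a host. */
function is_allowed_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host = parse_url($url, PHP_URL_HOST);
    return in_array($scheme, ['http', 'https'], true)
        && is_string($host) && $host !== '';
}

/** Hardened form: validate first, and encode whatever is echoed back. */
function render_escaped(string $url): string
{
    if (!is_allowed_url($url)) {
        return '<p>Invalid URL: ' . h($url) . '</p>';
    }
    return '<p>Loading <a href="' . h($url) . '">' . h($url) . '</a></p>';
}

// Compare both renderings for the page's payload and for a normal URL.
foreach ([SAMPLE_PAYLOAD, 'https://example.com/?q=a&b=c'] as $input) {
    echo 'input:     ', $input, "\n";
    echo 'unescaped: ', render_unescaped($input), "\n";
    echo 'escaped:   ', render_escaped($input), "\n\n";
}
```

Validation alone does not remove the need for encoding: a well-formed URL can still contain characters such as & that must be encoded when placed in an attribute.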

Instance

The following are actual cases.

  • ver 5.1.0
  • ver 5.0.1
  • ver 3.0.3