OURPHP =v7.2.0 ourphp_out.php Reflection xss
Direct echo in the /client/manage/ourphp_out.php
file, in addition to controllable variables, allows attackers to execute xss code.
Let’s look directly at the code as follows
If the ourphp_admin parameter is logout, we will echo a controllable variable.
The controllable variable is out
And there’s a script tag in front, just close it for him.
So our payload is
/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
Vulnerability recurrence
Let’s download the code through the following link and install it directly in PHP Study.
https://down.chinaz.com/api/index/download?id=51308&type=code
After installation, directly access the following path
/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。后续可能会有评论区,不过也可以在github联系我。