OURPHP v7.2.0 ourphp_out.php reflected XSS
The file /client/manage/ourphp_out.php echoes a user-controllable variable directly into the page, which allows an attacker to inject and execute XSS payloads.
Let's look at the code directly:
If the ourphp_admin parameter is logout, the script echoes a controllable variable.
The controllable variable is out.
The output lands inside a script tag, so the payload just closes that tag first.
So the payload is:
/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>
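As an added hardening example (not code from OURPHP; the original ourphp_out.php source is not reproduced on this page), the following PHP shows how the out parameter can be emitted inside an inline script so that the closing-tag trick above is neutralised. The variable name and page layout are assumptions.

```php
<?php
// Added example, not OURPHP's own code. The real ourphp_out.php source is not
// shown in the writeup, so the minimal layout below is assumed: the "out"
// request parameter is written into an inline <script> block.

/**
 * Encode a PHP string as a JavaScript string literal that is safe to embed
 * inside an inline <script> block, even when the value contains "</script>".
 */
function js_string_literal(string $value): string
{
    // JSON_HEX_TAG turns "<" and ">" into \u003C and \u003E, so the browser's
    // HTML parser can never see a closing </script> inside the literal.
    // JSON_UNESCAPED_SLASHES is deliberately not used, so "/" stays escaped.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Render the logout page; $out is the user-supplied "out" parameter (assumed). */
function render_logout(string $out): string
{
    // Vulnerable pattern being replaced: "<script>var out = '$out';</script>",
    // which lets "</script>" in $out terminate the script block early.
    return '<script>var out = ' . js_string_literal($out) . ';</script>';
}

// Constructed sample input: the reflected payload from the writeup.
$out = $_GET['out'] ?? '</script><script>alert(`xss`)</script>';
header('Content-Type: text/html; charset=utf-8');
echo render_logout($out), PHP_EOL;
```

The same value must be encoded again with htmlspecialchars() if it is also placed in an HTML attribute or text node; one encoder per output context.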
Reproducing the vulnerability
Download the source code from the following link and install it directly in PHPStudy:
https://down.chinaz.com/api/index/download?id=51308&type=code
After installation, access the following path directly:
/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(`xss`)</script>