OURPHP <=v7.2.0 ourphp_tz.php reflected XSS


This file appears to be a test file. If the website administrator does not delete it, it exposes an XSS vulnerability and some information leakage.
Later, I found that this file is also referenced by the admin backend, so it is not a test file.

Looking at line 619 of /client/manage/ourphp_tz.php, we can see the following.

(screenshot of the code around line 619 of ourphp_tz.php)

If two parameters are passed via GET, an act parameter with the value rt and a parameter named callback, the page echoes the value of the callback parameter directly into the response without any encoding.

So the payload is simple:

/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>
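The pattern described above is a classic unvalidated JSONP-style callback. The following is an added example, not OURPHP's own code: the actual ourphp_tz.php source is only shown as a screenshot on this page, so the "vulnerable" function is a reconstruction of the behaviour the text describes, and the hardened version beside it shows the checks a fix should apply (strict identifier whitelist on the callback name, a script content type, and nosniff). The function names, the regex and the sample inputs are assumptions made for this example.

```php
<?php
// Added example (not OURPHP's code). The vulnerable function below is an
// assumption reconstructed from the description of line 619; the real file
// is not quoted on this page.

// Vulnerable pattern: when act=rt, the callback value is returned verbatim and
// ends up in the HTML response body, so any markup in it is rendered.
function render_callback_vulnerable(array $get): string
{
    if (($get['act'] ?? '') === 'rt' && isset($get['callback'])) {
        // Reflected XSS: attacker-controlled string lands directly in the page.
        return $get['callback'];
    }
    return '';
}

// Hardened version: treat callback as a JavaScript function name and accept only
// plain identifiers (optionally dotted for namespaces), with a length cap.
function is_safe_callback(string $name): bool
{
    return strlen($name) <= 64
        && preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $name) === 1;
}

function render_callback_hardened(array $get, array $payload): ?string
{
    if (($get['act'] ?? '') !== 'rt') {
        return null;
    }
    $cb = $get['callback'] ?? '';
    if (!is_safe_callback($cb)) {
        // Refuse instead of reflecting: the body never contains user input.
        http_response_code(400);
        return 'invalid callback';
    }
    // Declare a script content type so the browser never parses this as HTML,
    // and forbid MIME sniffing. json_encode keeps the data out of script context;
    // JSON_HEX_TAG/JSON_HEX_AMP additionally neutralise "<", ">" and "&" in it.
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    return $cb . '(' . json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP) . ');';
}

// Constructed inputs for demonstration (run with: php this_file.php).
$attack = ['act' => 'rt', 'callback' => '<script>alert(`xss`)</script>'];
$benign = ['act' => 'rt', 'callback' => 'jQuery123_cb'];

var_dump(render_callback_vulnerable($attack));   // the tag is reflected unchanged
var_dump(is_safe_callback($attack['callback'])); // rejected by the whitelist
var_dump(is_safe_callback($benign['callback'])); // accepted
echo render_callback_hardened($benign, ['ok' => true]), "\n";
echo render_callback_hardened($attack, ['ok' => true]), "\n";
```

The important design point is that the fix does not try to HTML-encode the callback: a JSONP endpoint must emit the name as executable JavaScript, so encoding would break legitimate clients while still leaving the response type wrong. Whitelisting the name and setting a non-HTML content type closes the reflection regardless of which characters the attacker supplies.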

Reproducing the vulnerability

Download the source code from the following link and install it directly in PHPStudy.

https://down.chinaz.com/api/index/download?id=51308&type=code

After installation, access the following path directly:

/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>

(screenshot of the browser showing the alert dialog triggered by the reflected payload)


Please credit the source when reposting. You are welcome to verify the references cited in this article and to point out anything that is wrong or unclear. A comment section may be added later, but you can also contact me on GitHub.