OURPHP <= v7.2.0 ourphp_tz.php reflected XSS
At first glance this file looks like a test file. If the site administrator does not delete it, it exposes an XSS vulnerability and some information leakage.
Later I found that the file is also referenced from the backend (admin area), so it is not a test file.
Looking at line 619 of /client/manage/ourphp_tz.php shows the following.
If the request carries two GET parameters, act with the value rt and a parameter named callback, the page echoes the contents of the callback parameter directly into the response without any encoding or validation.
So the payload is simple:
/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>
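To make the defect and its fix concrete, here is an added example that is not OURPHP's own code: the echo-the-callback pattern the advisory describes, reconstructed from the description above, beside a hardened version that treats callback as a JSONP function name. Function names and the sample request are assumptions for illustration.

```php
<?php
// Added illustration, not code from OURPHP. Reconstructs the behaviour the
// advisory describes (act=rt plus callback echoed verbatim) and a safe form.

// Vulnerable pattern: the callback value goes into the response unchanged,
// so any markup or script in it is rendered by the browser (reflected XSS).
function render_callback_unsafe(array $get): string
{
    if (($get['act'] ?? '') !== 'rt' || !isset($get['callback'])) {
        return '';
    }
    return $get['callback'];
}

// Hardened: a JSONP callback is a JavaScript function name, so accept only a
// strict identifier (optionally dotted), reject everything else with a 400,
// and send a non-HTML content type so the reflected value is never parsed as
// markup even if a later change weakens the check.
function render_callback_safe(array $get, string $jsonPayload = '{}'): string
{
    if (($get['act'] ?? '') !== 'rt' || !isset($get['callback'])) {
        return '';
    }
    $cb = $get['callback'];
    if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]{0,63}$/', $cb)) {
        http_response_code(400);
        return '';
    }
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    return $cb . '(' . $jsonPayload . ');';
}

// Constructed sample request (assumed values) for a local demonstration.
$sample = ['act' => 'rt', 'callback' => '<script>alert(`xss`)</script>'];
var_dump(render_callback_unsafe($sample)); // markup comes back verbatim
var_dump(render_callback_safe($sample));   // empty string, status 400
var_dump(render_callback_safe(['act' => 'rt', 'callback' => 'jQuery_cb1'])); // "jQuery_cb1({});"
```

Where the callback is not actually needed, the simplest fix is to drop the parameter entirely rather than validate it.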
Reproduction
Download the source from the following link and install it directly under PHPStudy:
https://down.chinaz.com/api/index/download?id=51308&type=code
After installation, request the following path directly:
/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>