
OURPHP <=v7.2.0 ourphp_tz.php Reflected XSS


This file appears to be a test file. If the website administrator does not delete it, it exposes an XSS vulnerability and some information leakage.
Later, I found that this file is also referenced in the admin backend, so it is not a test file.

Looking at line 619 of the code in /client/manage/ourphp_tz.php shows the following.

(screenshot: source of ourphp_tz.php around line 619)

If the GET request carries two parameters, act with a value of rt and a parameter named callback, the page echoes the contents of the callback parameter directly into the response.

So the payload is simple:

/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>
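The pattern described above (a JSONP-style endpoint that writes the callback name into the response unchanged) next to a hardened version, as an added example. This is not the actual source of ourphp_tz.php, which the write-up only shows as a screenshot; the function names, the response body and the validation rule are assumptions for illustration.

```php
<?php
// Added example: a reconstruction of the behaviour the write-up describes,
// not the project's own code. Function names and the JSON payload are
// assumptions.

// Vulnerable pattern: when act=rt, the value of ?callback= is written into
// the response as-is. Because nothing restricts it to an identifier and the
// response is served as HTML, a browser renders any markup it contains.
function vulnerable_jsonp(array $get): string
{
    if (($get['act'] ?? '') !== 'rt') {
        return '';
    }
    $callback = $get['callback'] ?? '';
    $data = json_encode(['status' => 'ok']);
    return $callback . '(' . $data . ');';
}

// Hardened pattern: accept only a JavaScript identifier (optionally dotted,
// e.g. jQuery.cb123) as the callback name, and serve the result with a
// script content type plus nosniff so it is never interpreted as HTML.
function safe_jsonp(array $get): string
{
    if (($get['act'] ?? '') !== 'rt') {
        return '';
    }
    $callback = $get['callback'] ?? '';
    $ident = '[A-Za-z_$][A-Za-z0-9_$]*';
    if (!preg_match('/^' . $ident . '(\.' . $ident . ')*$/', $callback)) {
        http_response_code(400);   // reject anything that is not a bare callback name
        return '';
    }
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    $data = json_encode(['status' => 'ok']);
    // Leading comment keeps the body from starting with attacker-chosen bytes
    return '/**/' . $callback . '(' . $data . ');';
}

// Constructed request mirroring the write-up's payload
$request = ['act' => 'rt', 'callback' => '<script>alert(`xss`)</script>'];
$safe = safe_jsonp($request);
echo "vulnerable: " . vulnerable_jsonp($request) . PHP_EOL;
echo "hardened:   " . ($safe === '' ? '(rejected with HTTP 400)' : $safe) . PHP_EOL;

// A legitimate callback still works with the hardened version
$ok = ['act' => 'rt', 'callback' => 'jQuery.cb123'];
echo "hardened ok: " . safe_jsonp($ok) . PHP_EOL;
```

Run it with `php example.php`: the vulnerable function returns the script tag verbatim, the hardened one rejects it and only emits the identifier-shaped callback. For detection, the same allow-list regex applied to the `callback` parameter in access logs for ourphp_tz.php flags every request that would have reached the vulnerable echo.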

Reproducing the vulnerability

Download the code from the following link and install it directly in PHPStudy.

https://down.chinaz.com/api/index/download?id=51308&type=code

After installation, access the following path directly:

/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(`xss`)</script>

(screenshot: alert dialog shown after requesting the path above)