Stored XSS vulnerability caused by a plugin for the Discuz! X series (directly exploitable, no filtering)

2014-09-11T00:00:00
ID SSV:93742
Type seebug
Reporter Root
Modified 2014-09-11T00:00:00

Description

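Brief description:

Stored XSS vulnerability caused by a plugin for the Discuz! X series (directly exploitable, no filtering)

Details:

http://addon.discuz.com/?@mpage_sign.plugin is the plugin in question. Let's do a quick Google search for it.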

<img src="https://images.seebug.org/upload/201409/10235030981211b0125621f2185634b35d9e9ce6.jpg" alt="%GZNE~$U(CNS)J[_8G81L3.jpg" width="600">

<img src="https://images.seebug.org/upload/201409/1023583334008c110920177c56dfad9ec99b4d86.jpg" alt="%_U@TFFD)(7~OFP8_L)(_KE.jpg" width="600">

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201409/10235841e6ed23474d076db5c951cf61860a53c4.jpg" alt="O_S`H8_J$Q8PJ0MNKC6)NE5.jpg" width="600">