Keke Professional Witkey System (客客专业威客系统) XSS vulnerability

2014-10-16T00:00:00
ID SSV:94521
Type seebug
Reporter Root
Modified 2014-10-16T00:00:00

Description

Brief description:

The parameters are not filtered at all. An earlier self-XSS report of mine was not approved..

Details:

/control/user/shop_setting.php

<?php
$strUrl = 'index.php?do=user&view=shop&op=setting';

// Load the current user's shop row; uid is forced to an integer by %d.
$shopInfo = db_factory::get_one(sprintf(" select * from %switkey_shop where uid='%d' ", TABLEPRE, $gUid));
$objShopT = keke_table_class::get_instance('witkey_shop');

if (isset($formhash) && kekezu::submitcheck($formhash)) {
    // $shop_name, $shop_slogans and the SEO fields are not assigned in this file;
    // they carry the submitted form values.
    if (strtoupper(CHARSET) == 'GBK') {
        // Charset conversion only; no filtering happens here.
        $shop_name    = kekezu::utftogbk($shop_name);
        $shop_slogans = kekezu::utftogbk($shop_slogans);
        $seo_title    = kekezu::utftogbk($seo_title);
        $seo_keyword  = kekezu::utftogbk($seo_keyword);
        $seo_desc     = kekezu::utftogbk($seo_desc);
    }
    // The values are saved exactly as submitted, with no validation or encoding.
    $arrData = array(
        'shop_name'    => $shop_name,
        'shop_slogans' => $shop_slogans,
        'seo_title'    => $seo_title,
        'seo_keyword'  => $seo_keyword,
        'seo_desc'     => $seo_desc,
    );
    $intRes = $objShopT->save($arrData, array('shop_id' => $shopInfo['shop_id']));
    unset($objShopT);
    kekezu::show_msg('已保存', NULL, NULL, NULL, 'ok');
}

At http://localhost:81/keke/index.php?do=user&view=shop&op=setting, insert XSS code into the personal signature field. Visiting http://localhost:81/keke/index.php?do=seller&id=1 then triggers it.
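One way to close the gap for the five fields the handler saves, as an added example that is not part of the original report or of the Keke code base. The function names and length limits are hypothetical, and the sketch assumes a UTF-8 install with the mbstring extension.

```php
<?php
// Added example, not Keke code. Function names and length limits are hypothetical.

// Fields the handler in shop_setting.php writes to witkey_shop, with assumed limits.
const SHOP_FIELDS = array(
    'shop_name'    => 50,
    'shop_slogans' => 200,
    'seo_title'    => 100,
    'seo_keyword'  => 100,
    'seo_desc'     => 255,
);

// Input side: accept only the known fields, as bounded plain text.
function clean_shop_fields(array $input)
{
    $clean = array();
    foreach (SHOP_FIELDS as $name => $maxLen) {
        $value = isset($input[$name]) && is_string($input[$name]) ? $input[$name] : '';
        // Drop control characters, then markup; these fields are plain text.
        // strip_tags() only reduces noise in stored data, it is not the XSS control.
        $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
        $value = trim(strip_tags($value));
        $clean[$name] = mb_substr($value, 0, $maxLen, 'UTF-8');
    }
    return $clean;
}

// Output side: encode where the value is written into HTML.
// This also covers rows that were stored before any input filtering existed.
function h($value, $charset = 'UTF-8')
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

// Constructed sample input standing in for the submitted form.
$post = array(
    'shop_name'    => 'Demo shop',
    'shop_slogans' => '"><script>alert(1)</script>',
    'seo_title'    => 'title',
    'unexpected'   => 'ignored',
);

$row = clean_shop_fields($post);
echo h($row['shop_slogans']), "\n";   // filtered on input, then encoded
echo h($post['shop_slogans']), "\n";  // unfiltered legacy value, made inert by encoding
```

The template that renders the seller page is where `h()` has to be applied; filtering in the save handler alone leaves existing rows exploitable.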

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201410/111917060d222066864854c2c0b928f1a5e03e68.png" alt="QQ截图20141011191649.png" width="600">

<img src="https://images.seebug.org/upload/201410/11191713456aa0394860e04777a1828ad48d425b.png" alt="QQ截图20141011191658.png" width="600">