### 简要描述:
Discuz! 7.2 某自带功能存在储存型XSS漏洞
### 详细说明:
还是在签到哦~
plugin.php?id=dps_sign:sign
发表签到 签到可以写入xss 但是要干扰前面的代码 才可以形成xss
[<img src="https://images.seebug.org/upload/201409/1100522754a8ee564ad50b51a9dcd8669c53e051.jpg" alt="JUAQ]LZ91S(BUV5X0Q16@6A.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/1100522754a8ee564ad50b51a9dcd8669c53e051.jpg)
[<img src="https://images.seebug.org/upload/201409/1100524583a5fba1a426878f1f3598aaf1fa7dfc.jpg" alt="O{7XO10KZ2NOKF`I]S85T_D.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/1100524583a5fba1a426878f1f3598aaf1fa7dfc.jpg)
[<img src="https://images.seebug.org/upload/201409/110052586eb9b707932e23abdc555c704a960028.jpg" alt="J6B8U7KFF}(SMIBGSD]OD[P.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/110052586eb9b707932e23abdc555c704a960028.jpg)
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201409/110052586eb9b707932e23abdc555c704a960028.jpg" alt="J6B8U7KFF}(SMIBGSD]OD[P.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/110052586eb9b707932e23abdc555c704a960028.jpg)
京公网安备 11010502034610号
暂无评论